85f706f93e2f9c90a60dbbeb089f5540c70025132b89899cf5eb73c9552a9e70

Analysis

max time kernel
13s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
Size

1.9MB
MD5

bb6a77719894e2cdc4ac4520d28577a0
SHA1

86413735413a301079e6d03e83c657d4d78c53dc
SHA256

85f706f93e2f9c90a60dbbeb089f5540c70025132b89899cf5eb73c9552a9e70
SHA512

e26358261e3ea21a14b427369769298d3cf77a18678932d4b79641526a89a1cbc4f75be05441870065075fa059377fc6b4dcc060d18fba923f70bee64032ac82
SSDEEP

49152:/E6N6NdJ00mrNzYxCpqNkv9dYC6ePO1qww8JT:/MNditY2Ck1GCH+T

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 48 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2172-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0008000000015c99-5.dat	upx
behavioral1/memory/2688-24-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2568-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2616-66-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2172-81-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2628-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2936-85-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/588-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/680-87-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2512-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2688-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2568-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1956-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1088-103-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2136-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/888-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1664-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2616-108-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1652-109-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2628-110-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2936-112-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/680-114-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2512-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2076-116-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2628-117-0x00000000045F0000-0x000000000460F000-memory.dmp	upx
behavioral1/memory/1664-119-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2928-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1652-121-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1660-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1540-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2076-126-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2512-124-0x00000000007F0000-0x000000000080F000-memory.dmp	upx
behavioral1/memory/2928-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1660-129-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2408-130-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/936-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2268-138-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1928-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2308-139-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2428-141-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/696-142-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1540-144-0x00000000046C0000-0x00000000046DF000-memory.dmp	upx
behavioral1/memory/936-145-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1756-147-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/964-148-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/908-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3048-149-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\B:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\I:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\J:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\K:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\N:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\P:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\R:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\Z:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\A:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\L:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\V:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\E:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\G:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\M:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\U:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\W:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\H:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\O:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\Q:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\T:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\X:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\Y:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\danish fetish hardcore several models redhair .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese animal blowjob full movie cock balls (Jade).mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast full movie cock lady (Samantha).rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cum horse full movie .mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SysWOW64\IME\shared\fucking hidden circumcision .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian kicking blowjob hot (!) high heels .mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian cumshot horse hidden cock latex .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SysWOW64\IME\shared\lesbian several models hole upskirt (Curtney).mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake masturbation .mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cumshot fucking big .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\american cumshot hardcore hot (!) titts .mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\japanese kicking blowjob hidden cock (Sonja,Sarah).rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american cumshot fucking hot (!) .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\black horse bukkake [bangbus] hole leather (Melissa).zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Windows Journal\Templates\beast big sm .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fucking girls titts .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\american porn lesbian catfight granny .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Google\Temp\swedish horse lesbian girls feet ìï (Jade).rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Google\Update\Download\spanish sperm girls .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\fucking lesbian feet latex (Tatjana).mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\fucking girls (Curtney).zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish animal xxx [free] shower .mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore lesbian .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\xxx [milf] bondage .mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian horse lesbian licking hole gorgeoushorny (Tatjana).mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Drops file in Windows directory 35 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian handjob horse uncut .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\hardcore voyeur boots (Christine,Melissa).avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american horse blowjob full movie glans .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\Downloaded Program Files\lesbian public feet boots (Janette).rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\gay voyeur titts mistress .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx hot (!) titts .mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\SoftwareDistribution\Download\russian porn beast catfight .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling lesbian .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian gang bang bukkake [bangbus] titts lady (Karin).rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\tmp\xxx catfight mature (Sonja,Janette).mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish horse lesbian big hole tÛ (Melissa).rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french gay licking .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish beastiality sperm [free] boots .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black porn trambling [free] hairy .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\security\templates\lesbian voyeur beautyfull .mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\kicking sperm uncut shoes .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\italian cum sperm sleeping .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\mssrv.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\xxx licking hole stockings .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\PLA\Templates\black gang bang lesbian public pregnant .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black fetish bukkake sleeping feet young (Melissa).mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american action hardcore full movie hole .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian action trambling licking feet balls (Sylvia).mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese handjob lesbian [milf] stockings .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\temp\american action trambling catfight cock .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian cumshot lesbian sleeping cock castration .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\russian gang bang lingerie big titts redhair (Karin).avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese porn xxx public hole granny (Tatjana).mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese horse blowjob [milf] (Sylvia).mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\swedish cum horse hidden swallow .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore catfight .mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\italian beastiality bukkake [milf] .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\horse hot (!) ejaculation (Sandy,Sylvia).zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob big feet .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\malaysia xxx big femdom .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2628	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2936	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
680	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
588	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2512	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2628	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1956	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1088	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
888	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2136	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2936	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1664	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1652	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1540	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
588	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
680	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2076	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2512	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
2928	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2688	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	28
PID 2172 wrote to memory of 2688	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	28
PID 2172 wrote to memory of 2688	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	28
PID 2172 wrote to memory of 2688	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	28
PID 2172 wrote to memory of 2568	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	30
PID 2172 wrote to memory of 2568	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	30
PID 2172 wrote to memory of 2568	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	30
PID 2172 wrote to memory of 2568	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	30
PID 2688 wrote to memory of 2616	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	29
PID 2688 wrote to memory of 2616	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	29
PID 2688 wrote to memory of 2616	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	29
PID 2688 wrote to memory of 2616	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	29
PID 2568 wrote to memory of 2628	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	31
PID 2568 wrote to memory of 2628	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	31
PID 2568 wrote to memory of 2628	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	31
PID 2568 wrote to memory of 2628	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	31
PID 2172 wrote to memory of 2936	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	34
PID 2172 wrote to memory of 2936	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	34
PID 2172 wrote to memory of 2936	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	34
PID 2172 wrote to memory of 2936	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	34
PID 2688 wrote to memory of 588	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	33
PID 2688 wrote to memory of 588	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	33
PID 2688 wrote to memory of 588	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	33
PID 2688 wrote to memory of 588	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	33
PID 2616 wrote to memory of 680	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	32
PID 2616 wrote to memory of 680	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	32
PID 2616 wrote to memory of 680	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	32
PID 2616 wrote to memory of 680	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	32
PID 2628 wrote to memory of 2512	2628	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	35
PID 2628 wrote to memory of 2512	2628	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	35
PID 2628 wrote to memory of 2512	2628	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	35
PID 2628 wrote to memory of 2512	2628	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	35
PID 2172 wrote to memory of 1956	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	39
PID 2172 wrote to memory of 1956	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	39
PID 2172 wrote to memory of 1956	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	39
PID 2172 wrote to memory of 1956	2172	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	39
PID 2688 wrote to memory of 1088	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	38
PID 2688 wrote to memory of 1088	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	38
PID 2688 wrote to memory of 1088	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	38
PID 2688 wrote to memory of 1088	2688	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	38
PID 2936 wrote to memory of 888	2936	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	36
PID 2936 wrote to memory of 888	2936	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	36
PID 2936 wrote to memory of 888	2936	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	36
PID 2936 wrote to memory of 888	2936	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	36
PID 2568 wrote to memory of 2136	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	40
PID 2568 wrote to memory of 2136	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	40
PID 2568 wrote to memory of 2136	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	40
PID 2568 wrote to memory of 2136	2568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	40
PID 2616 wrote to memory of 1664	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	37
PID 2616 wrote to memory of 1664	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	37
PID 2616 wrote to memory of 1664	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	37
PID 2616 wrote to memory of 1664	2616	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	37
PID 588 wrote to memory of 1652	588	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	41
PID 588 wrote to memory of 1652	588	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	41
PID 588 wrote to memory of 1652	588	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	41
PID 588 wrote to memory of 1652	588	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	41
PID 680 wrote to memory of 1540	680	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	42
PID 680 wrote to memory of 1540	680	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	42
PID 680 wrote to memory of 1540	680	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	42
PID 680 wrote to memory of 1540	680	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	42
PID 2512 wrote to memory of 2076	2512	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	43
PID 2512 wrote to memory of 2076	2512	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	43
PID 2512 wrote to memory of 2076	2512	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	43
PID 2512 wrote to memory of 2076	2512	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        9⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        9⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:11776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:11656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:11824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:11616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:9956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:16004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:12720
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        9⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:11696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:10084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:15236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:12024
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        8⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:11904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:11728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:15272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:13280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:16340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:14528
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:12044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14128
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:15024
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:9932
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:14512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:15280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:15532
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:16180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:14560
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:13256
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:13176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:15032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:15104
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:3508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:16236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:15972
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:4144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:11088
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:7848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:16084
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:14888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore lesbian .zip.exe

Filesize
815KB

MD5
81730d117394a6b7a07f5d06667fe35f

SHA1
301694c6b131044b6cdb87b6642f985f61773a49

SHA256
ff7989aeb1e3b0398b456b87fffd7ca5e183c9171c1ef90ba7acb3822548098e

SHA512
9dc3e42f6c2f75e7c7840ae072f42942abee27aee961caba327bea3796cbe07686c578f34b512d1f8caa79c23e3c3a1dacb2d40223112507f5af51480a2ac564

Download Submit
memory/588-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-87-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/696-142-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/888-131-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/888-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/908-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/936-145-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/936-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/964-148-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1088-103-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1088-132-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/1088-140-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/1540-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1540-144-0x00000000046C0000-0x00000000046DF000-memory.dmp

Filesize
124KB

Download
memory/1652-121-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1652-109-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1660-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1660-129-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1664-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1664-119-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1756-147-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1928-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1956-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2076-126-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2076-116-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2136-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2172-61-0x0000000005660000-0x000000000567F000-memory.dmp

Filesize
124KB

Download
memory/2172-89-0x0000000004620000-0x000000000463F000-memory.dmp

Filesize
124KB

Download
memory/2172-99-0x0000000005660000-0x000000000567F000-memory.dmp

Filesize
124KB

Download
memory/2172-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2172-81-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2268-138-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2308-139-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2408-130-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2428-141-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2512-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2512-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2512-124-0x00000000007F0000-0x000000000080F000-memory.dmp

Filesize
124KB

Download
memory/2568-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2568-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2568-133-0x00000000045E0000-0x00000000045FF000-memory.dmp

Filesize
124KB

Download
memory/2616-66-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2616-108-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2616-127-0x00000000044F0000-0x000000000450F000-memory.dmp

Filesize
124KB

Download
memory/2616-136-0x00000000044F0000-0x000000000450F000-memory.dmp

Filesize
124KB

Download
memory/2628-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2628-110-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2628-117-0x00000000045F0000-0x000000000460F000-memory.dmp

Filesize
124KB

Download
memory/2688-107-0x0000000004A40000-0x0000000004A5F000-memory.dmp

Filesize
124KB

Download
memory/2688-24-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2688-84-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2688-111-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2688-64-0x0000000004A40000-0x0000000004A5F000-memory.dmp

Filesize
124KB

Download
memory/2688-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2688-118-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2928-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2928-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2936-85-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2936-101-0x0000000004510000-0x000000000452F000-memory.dmp

Filesize
124KB

Download
memory/2936-134-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2936-112-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2936-125-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/3048-149-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download