b585dc6b614a57790662834bf22c9a9b23fb1d1e8bc48cfd2cad308bf25af5ad

Analysis

max time kernel
20s
max time network
132s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 14:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
Size

257KB
MD5

20b7067b7ab99a8b36f3e8dc5b3834f0
SHA1

72f7cf1d91c075fef111953dc8955ea6490f7eac
SHA256

b585dc6b614a57790662834bf22c9a9b23fb1d1e8bc48cfd2cad308bf25af5ad
SHA512

4caa6c404ff1a2814c4aeab144eb572cb0a7b389059156f9b1701481fb8c427985bbd8a73d2b701e1879e658bf9369c92d6b8b4c66a2a89300d368e1b23d4431
SSDEEP

6144:sPDLCL9Io5R4nM/40yZuEdA7JDPCt63vWaJUrtGTm/7wkCEibRe1EYw:sPKLXqhxdQVPCI/WaEtd/7aVbR+w

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1272-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0008000000018b20-5.dat	upx
behavioral1/memory/2580-11-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1272-55-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3004-65-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1272-66-0x0000000004AD0000-0x0000000004AEC000-memory.dmp	upx
behavioral1/memory/524-67-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1484-68-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\G:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\H:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\N:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\O:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\S:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\I:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\J:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\P:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\R:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\U:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\V:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\W:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\Z:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\B:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\K:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\L:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\M:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\T:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\X:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\Y:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\E:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File opened (read-only)	\??\Q:	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\malaysia fetish catfight mature .mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\norwegian cum sleeping beautyfull (Britney,Tatjana).mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish cum public high heels .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\SysWOW64\FxsTmp\xxx gang bang licking glans upskirt .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\SysWOW64\IME\shared\asian cum big swallow .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian cumshot several models sm .mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\black horse beastiality public (Sonja,Sarah).rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm cum hidden redhair (Britney).mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese hardcore big beautyfull .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\german cumshot blowjob licking hole lady (Sylvia).mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm cum public .mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files\Windows Journal\Templates\japanese blowjob horse [free] titts gorgeoushorny .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\nude beastiality public ash .avi.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\fetish big shoes .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast lesbian titts redhair .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black sperm beast licking ash (Gina,Samantha).avi.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\indian beastiality [free] (Tatjana).zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\african hardcore blowjob licking glans (Anniston,Sarah).mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files\DVD Maker\Shared\nude beast several models upskirt .mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Google\Temp\asian horse big .mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese hardcore action masturbation fishy .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\temp\tyrkish horse public beautyfull .mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\porn uncut fishy .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse handjob [free] .mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\nude sleeping hole wifey .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\Downloaded Program Files\canadian handjob hardcore [free] shower .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\fetish beast [bangbus] cock traffic .mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish trambling gay [milf] (Samantha).avi.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\asian hardcore licking legs fishy (Samantha,Curtney).rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking catfight titts castration .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian nude fucking [free] legs .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\african sperm fetish lesbian (Kathrin).rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish blowjob fucking full movie glans shoes .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\security\templates\german lingerie several models .mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish lesbian action hidden redhair (Gina,Gina).mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\malaysia gay bukkake girls .mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\nude sleeping black hairunshaved (Anniston).zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie fucking [free] .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american horse [free] ash mature (Samantha,Christine).mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\SoftwareDistribution\Download\german lingerie beastiality catfight .zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\handjob lesbian mistress .mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast fetish lesbian ash granny .avi.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse bukkake [milf] nipples latex (Sandy,Sylvia).mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian horse sleeping gorgeoushorny .mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american horse gay voyeur (Sonja).zip.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\mssrv.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\beastiality voyeur .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese cum masturbation (Sonja).mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\tmp\lesbian [free] upskirt .mpeg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\PLA\Templates\xxx voyeur redhair .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\handjob hidden vagina leather .mpg.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\german horse hidden legs redhair .rar.exe	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
3004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
524	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1484	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2000	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1920	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
524	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1928	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2476	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
3004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1712	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2900	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2432	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2000	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
788	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1484	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2908	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1600	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1948	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
524	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1892	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
3004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1596	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1484	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1920	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
460	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
788	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2264	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2676	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1712	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2244	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2352	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2900	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1784	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2836	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1776	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1684	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1728	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2476	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1928	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2432	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2000	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
2312	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
1092	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2580	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	28
PID 1272 wrote to memory of 2580	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	28
PID 1272 wrote to memory of 2580	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	28
PID 1272 wrote to memory of 2580	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	28
PID 1272 wrote to memory of 2536	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	29
PID 1272 wrote to memory of 2536	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	29
PID 1272 wrote to memory of 2536	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	29
PID 1272 wrote to memory of 2536	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	29
PID 2580 wrote to memory of 2708	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	30
PID 2580 wrote to memory of 2708	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	30
PID 2580 wrote to memory of 2708	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	30
PID 2580 wrote to memory of 2708	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	30
PID 2708 wrote to memory of 3004	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	34
PID 2708 wrote to memory of 3004	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	34
PID 2708 wrote to memory of 3004	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	34
PID 2708 wrote to memory of 3004	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	34
PID 2536 wrote to memory of 524	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	31
PID 2536 wrote to memory of 524	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	31
PID 2536 wrote to memory of 524	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	31
PID 2536 wrote to memory of 524	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	31
PID 1272 wrote to memory of 2000	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	32
PID 1272 wrote to memory of 2000	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	32
PID 1272 wrote to memory of 2000	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	32
PID 1272 wrote to memory of 2000	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	32
PID 2580 wrote to memory of 1484	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	33
PID 2580 wrote to memory of 1484	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	33
PID 2580 wrote to memory of 1484	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	33
PID 2580 wrote to memory of 1484	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	33
PID 2708 wrote to memory of 1928	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	42
PID 2708 wrote to memory of 1928	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	42
PID 2708 wrote to memory of 1928	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	42
PID 2708 wrote to memory of 1928	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	42
PID 3004 wrote to memory of 1920	3004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	41
PID 3004 wrote to memory of 1920	3004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	41
PID 3004 wrote to memory of 1920	3004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	41
PID 3004 wrote to memory of 1920	3004	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	41
PID 524 wrote to memory of 2476	524	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	35
PID 524 wrote to memory of 2476	524	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	35
PID 524 wrote to memory of 2476	524	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	35
PID 524 wrote to memory of 2476	524	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	35
PID 2536 wrote to memory of 2900	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	39
PID 2536 wrote to memory of 2900	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	39
PID 2536 wrote to memory of 2900	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	39
PID 2536 wrote to memory of 2900	2536	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	39
PID 1272 wrote to memory of 1712	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	38
PID 1272 wrote to memory of 1712	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	38
PID 1272 wrote to memory of 1712	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	38
PID 1272 wrote to memory of 1712	1272	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	38
PID 2580 wrote to memory of 2432	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	36
PID 2580 wrote to memory of 2432	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	36
PID 2580 wrote to memory of 2432	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	36
PID 2580 wrote to memory of 2432	2580	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	36
PID 1484 wrote to memory of 788	1484	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	40
PID 1484 wrote to memory of 788	1484	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	40
PID 1484 wrote to memory of 788	1484	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	40
PID 1484 wrote to memory of 788	1484	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	40
PID 2000 wrote to memory of 2004	2000	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	37
PID 2000 wrote to memory of 2004	2000	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	37
PID 2000 wrote to memory of 2004	2000	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	37
PID 2000 wrote to memory of 2004	2000	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	37
PID 2708 wrote to memory of 1600	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	43
PID 2708 wrote to memory of 1600	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	43
PID 2708 wrote to memory of 1600	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	43
PID 2708 wrote to memory of 1600	2708	NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        9⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        9⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        9⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:13632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:13776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:8984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:8880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:10972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:14908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:10832
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:13752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:10156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:10200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:10436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:9196
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        7⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:10848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:10388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:10992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:12604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:8992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:17132
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:12340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:10324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:8328
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        5⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
        6⤵
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:8532
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:14340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:12472
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  PID:1408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9540
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:9588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
      4⤵
      PID:6676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:16700
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  PID:3728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:9468
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  PID:6116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:13712
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  PID:7956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
    3⤵
    PID:6808
- C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.20b7067b7ab99a8b36f3e8dc5b3834f0.exe"
  2⤵
  PID:17116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\nude beastiality public ash .avi.exe

Filesize
613KB

MD5
3c00d20d1d8d3113f0e7303539ff9e22

SHA1
c70121c39a5b7654c55f903097c37bf5b3150fd2

SHA256
7d9dd55f1d59d65fbffd85e238a9dc39d158224c284503ed5ff33bfd19f1b46b

SHA512
450e91232e9b5df62a8e8128348467bd3d5dc8b0a8535b087d8c782e5043acccd8bde11bcf84d8759e2f70b372d41faae6191a5a411256a266a6f707cd8c7417

Download Submit
memory/524-67-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1272-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1272-10-0x0000000004AD0000-0x0000000004AEC000-memory.dmp

Filesize
112KB

Download
memory/1272-53-0x0000000005320000-0x000000000533C000-memory.dmp

Filesize
112KB

Download
memory/1272-55-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1272-66-0x0000000004AD0000-0x0000000004AEC000-memory.dmp

Filesize
112KB

Download
memory/1484-68-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2580-11-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2580-54-0x0000000004940000-0x000000000495C000-memory.dmp

Filesize
112KB

Download
memory/2708-64-0x00000000044A0000-0x00000000044BC000-memory.dmp

Filesize
112KB

Download
memory/3004-65-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download