76d844af41ad2b2c74b955356bca0d28ac794c8a8f62c44aebdbb5dac6a691a2

Analysis

max time kernel
35s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
Size

835KB
MD5

8123eeb92f2dc7cdd931fc72d85098fe
SHA1

3b6904fc14c5a8f7f087ca04f840a1a4e3a8e476
SHA256

76d844af41ad2b2c74b955356bca0d28ac794c8a8f62c44aebdbb5dac6a691a2
SHA512

17431798215467a7115fb256aa327411721ad8906a4d8752a46d2b19cac59bda04eafc3b554860a0e2e13a989c267df83059b68a3f38f97cc26b5c947b3a1b3b
SSDEEP

12288:VEQoSm9EfpKdUpXjhQw4cO1EB/U8ACjAtj7kIpbazj1NPy/t6g/uHCbYRRnUnp:V1BdrQgUrikkIpba/1HgGj4p

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4460-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/files/0x0006000000022e61-5.dat	upx
behavioral2/memory/2344-12-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/644-15-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4584-16-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4460-17-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4304-18-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4740-19-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5044-20-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2848-21-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1564-22-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2912-23-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1404-25-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/644-26-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4972-27-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2344-24-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1184-28-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4584-29-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3472-30-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/632-31-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4180-40-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4740-39-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5044-41-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4268-49-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/212-47-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2848-51-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2536-52-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4952-56-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1564-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2240-61-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1460-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2236-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4204-67-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3812-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4640-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1800-70-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2912-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5196-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5248-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5204-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1404-76-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1184-77-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5212-78-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5280-79-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5372-80-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3472-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5436-84-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5452-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5444-85-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/632-87-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5536-88-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4268-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5552-91-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4180-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/212-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2536-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5612-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5656-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5768-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5744-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1460-109-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5648-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5900-113-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/6052-116-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\L:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\U:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\G:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\H:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\I:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\P:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\Z:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\Y:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\K:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\N:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\O:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\S:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\T:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\X:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\V:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\W:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\B:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\E:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\J:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\M:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\Q:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File opened (read-only)	\??\R:	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Updates\Download\russian fetish blowjob licking pregnant .zip.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish cumshot fucking [milf] cock black hairunshaved (Tatjana).mpg.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\Microsoft Office\root\Templates\russian handjob hardcore catfight .mpeg.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast public feet .avi.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling public cock upskirt (Karin).mpg.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm big shower .mpeg.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\Common Files\microsoft shared\japanese gang bang trambling voyeur .mpeg.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish kicking blowjob uncut feet beautyfull .avi.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black kicking blowjob uncut femdom .rar.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lesbian girls penetration .mpeg.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4584	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4584	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4304	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4304	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4740	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
4740	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
5044	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
5044	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2848	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
2848	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 2344	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	92
PID 4460 wrote to memory of 2344	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	92
PID 4460 wrote to memory of 2344	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	92
PID 4460 wrote to memory of 644	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	93
PID 4460 wrote to memory of 644	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	93
PID 4460 wrote to memory of 644	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	93
PID 2344 wrote to memory of 4584	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	94
PID 2344 wrote to memory of 4584	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	94
PID 2344 wrote to memory of 4584	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	94
PID 4460 wrote to memory of 4304	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	95
PID 4460 wrote to memory of 4304	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	95
PID 4460 wrote to memory of 4304	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	95
PID 644 wrote to memory of 4740	644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	96
PID 644 wrote to memory of 4740	644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	96
PID 644 wrote to memory of 4740	644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	96
PID 2344 wrote to memory of 5044	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	97
PID 2344 wrote to memory of 5044	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	97
PID 2344 wrote to memory of 5044	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	97
PID 4584 wrote to memory of 2848	4584	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	99
PID 4584 wrote to memory of 2848	4584	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	99
PID 4584 wrote to memory of 2848	4584	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	99
PID 4460 wrote to memory of 1564	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	100
PID 4460 wrote to memory of 1564	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	100
PID 4460 wrote to memory of 1564	4460	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	100
PID 4304 wrote to memory of 3812	4304	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	101
PID 4304 wrote to memory of 3812	4304	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	101
PID 4304 wrote to memory of 3812	4304	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	101
PID 644 wrote to memory of 2912	644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	102
PID 644 wrote to memory of 2912	644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	102
PID 644 wrote to memory of 2912	644	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	102
PID 2344 wrote to memory of 1404	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	103
PID 2344 wrote to memory of 1404	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	103
PID 2344 wrote to memory of 1404	2344	NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe	103

C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        8⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:15324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14076
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:15292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14048
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:13700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:16132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:10372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:14420
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:644
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        7⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:16004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:13580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:12576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:16304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:10260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:13948
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        6⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:3640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:10244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:13864
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  PID:1564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:14112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:13940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:13752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:17236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:14388
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  PID:4180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:13760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:13744
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:14620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:9256
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:13800
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  PID:5372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
      4⤵
      PID:16268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:10152
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:13680
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  PID:6236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:10416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:14912
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  PID:7836
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
    3⤵
    PID:2360
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  PID:10208
- C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8123eeb92f2dc7cdd931fc72d85098fe.exe"
  2⤵
  PID:13688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling public cock upskirt (Karin).mpg.exe

Filesize
1.5MB

MD5
2ea45c655916caddc217453be6369804

SHA1
2ba32ebc78d61d37348ce6e2ea354b84db0facae

SHA256
897e4fab97dde7bd06d8ee8597b0f85db6c637c59739dccf83be88de36d60868

SHA512
06c327f7eed406b045b076fbef5878f0fdcbdc1c358fec1c4e4d6b22b636a58aff973aa566cd7f099962bb0fc80d73fb4e76f14883632f65ff8c94dfd5318a34

Download Submit
memory/212-47-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/212-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/632-87-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/632-31-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/644-15-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/644-26-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1184-77-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1184-28-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1404-25-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1404-76-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1460-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1460-109-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1564-22-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1564-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1800-70-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2236-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2240-61-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2344-12-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2344-24-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2536-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2536-52-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2848-51-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2848-21-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2912-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2912-23-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3472-30-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3472-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3812-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4180-40-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4180-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4204-67-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4268-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4268-49-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4304-18-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4460-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4460-17-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4584-16-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4584-29-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4640-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4740-39-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4740-19-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4952-56-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4972-27-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5044-20-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5044-41-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5196-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5204-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5212-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5248-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5280-79-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5372-80-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5436-84-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5444-85-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5452-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5536-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5552-91-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5612-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5648-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5656-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5744-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5768-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5900-113-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/6052-116-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/6060-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download