f28c1394a5fe27f6ceddfe09bd18f48cc6f9fbe206a03d61b77988831cba4cec

Analysis

max time kernel
47s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.53c53950152c3e434c1c7680c29e5060.exe
Size

466KB
MD5

53c53950152c3e434c1c7680c29e5060
SHA1

a4f3879f38ea5eb0c41436302d19636ed224f53f
SHA256

f28c1394a5fe27f6ceddfe09bd18f48cc6f9fbe206a03d61b77988831cba4cec
SHA512

4bd05da6b42824232e82f5f94a9e0725fa3428fab19b1b2f829a04a93cadf2af723f8a0de4c8da87841bf21a41d5c5f45431f1b547cc09efe40970dc5598ff77
SSDEEP

12288:JEyDMhqhXsB8cF5JXTT1WSqoislGz3GFxDUqTqZJO:JBXsB86XTBCoBl+3GWCqZJO

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000015d26-5.dat	upx
behavioral1/memory/2280-54-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2480-55-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2644-64-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2936-66-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2944-67-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1656-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1904-69-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/680-88-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2608-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2280-90-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/980-91-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2480-93-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/680-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/980-101-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/580-102-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2644-103-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1784-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/752-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/792-110-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2368-112-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1628-113-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2396-114-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1752-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2948-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1316-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2980-120-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1516-122-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2712-125-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2368-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2396-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2088-131-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1852-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/892-133-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2168-134-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1524-135-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1688-136-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1596-137-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1736-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2668-139-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2504-140-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1552-141-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3016-142-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1028-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-144-0x0000000000820000-0x000000000083E000-memory.dmp	upx
behavioral1/memory/1476-145-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1776-146-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2524-147-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2552-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2644-291-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.53c53950152c3e434c1c7680c29e5060.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\E:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\H:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\J:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\T:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\U:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\W:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\O:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\V:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\Z:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\A:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\G:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\I:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\M:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\R:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\S:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\X:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\K:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\L:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\N:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\P:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\Q:	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File opened (read-only)	\??\Y:	NEAS.53c53950152c3e434c1c7680c29e5060.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie licking .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\horse [free] balls .mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm hardcore girls circumcision .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish gay cumshot masturbation balls (Samantha,Britney).mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SysWOW64\config\systemprofile\german blowjob horse full movie upskirt .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\System32\DriverStore\Temp\gay big ejaculation .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish fucking xxx full movie boots .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SysWOW64\IME\shared\gang bang masturbation hotel .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm animal full movie cock ejaculation (Samantha).rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SysWOW64\IME\shared\danish porn animal uncut latex (Karin).mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\asian beast lingerie sleeping young (Janette).mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore big ¤ã .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish cum action hidden swallow (Janette,Karin).mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish gang bang full movie .mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\french beastiality gay [milf] glans .mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish lingerie full movie legs (Sylvia,Sarah).rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files\Windows Journal\Templates\nude nude several models hole hairy .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian horse lesbian 40+ .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american hardcore lesbian balls .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\spanish gang bang [bangbus] vagina YEâPSè& .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\nude lesbian nipples .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files\Common Files\Microsoft Shared\swedish porn horse masturbation .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files\DVD Maker\Shared\russian cum girls boobs ash .mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Google\Temp\french beastiality sleeping sweet .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse sperm sleeping ash granny (Melissa).avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay several models 50+ .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian nude [free] YEâPSè& .mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\Downloaded Program Files\chinese nude public .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beastiality public .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\SoftwareDistribution\Download\italian beastiality blowjob masturbation femdom .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian beast [free] swallow .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\temp\lingerie lesbian .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african kicking xxx hidden bedroom .mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake public 50+ .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\cum hardcore big boobs wifey .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\nude licking boobs high heels .mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\cumshot sleeping blondie (Curtney).mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian gang bang sleeping boots .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\gay gang bang voyeur .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\lingerie horse full movie girly (Christine).mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\PLA\Templates\french blowjob [milf] nipples .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\security\templates\horse gay public swallow .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\cumshot girls feet (Kathrin).avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\bukkake big latex .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\blowjob blowjob girls ash .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx big hairy (Jade).rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american fucking porn licking .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\spanish gang bang several models (Sonja,Anniston).avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\tmp\african beast public swallow (Jenna,Curtney).mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\mssrv.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\spanish beastiality catfight mistress .rar.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\trambling several models feet beautyfull (Liz).zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\french xxx horse hot (!) shower .zip.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie several models bedroom .mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\lingerie sleeping mature .mpeg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish beastiality kicking hot (!) .avi.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\beast lesbian ash (Liz).mpg.exe	NEAS.53c53950152c3e434c1c7680c29e5060.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2936	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2944	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1656	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1904	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe
680	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe
980	NEAS.53c53950152c3e434c1c7680c29e5060.exe
580	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1784	NEAS.53c53950152c3e434c1c7680c29e5060.exe
752	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe
792	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1628	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1752	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1904	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1656	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2936	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2944	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2980	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1516	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe
680	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2712	NEAS.53c53950152c3e434c1c7680c29e5060.exe
980	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2368	NEAS.53c53950152c3e434c1c7680c29e5060.exe
580	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2396	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2396	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1944	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1944	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2948	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2948	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1784	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1784	NEAS.53c53950152c3e434c1c7680c29e5060.exe
752	NEAS.53c53950152c3e434c1c7680c29e5060.exe
752	NEAS.53c53950152c3e434c1c7680c29e5060.exe
792	NEAS.53c53950152c3e434c1c7680c29e5060.exe
792	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1316	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1316	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1628	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1628	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1852	NEAS.53c53950152c3e434c1c7680c29e5060.exe
1852	NEAS.53c53950152c3e434c1c7680c29e5060.exe
892	NEAS.53c53950152c3e434c1c7680c29e5060.exe
892	NEAS.53c53950152c3e434c1c7680c29e5060.exe
2088	NEAS.53c53950152c3e434c1c7680c29e5060.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2608	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	29
PID 2644 wrote to memory of 2608	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	29
PID 2644 wrote to memory of 2608	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	29
PID 2644 wrote to memory of 2608	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	29
PID 2608 wrote to memory of 2280	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	30
PID 2608 wrote to memory of 2280	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	30
PID 2608 wrote to memory of 2280	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	30
PID 2608 wrote to memory of 2280	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	30
PID 2644 wrote to memory of 2480	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	31
PID 2644 wrote to memory of 2480	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	31
PID 2644 wrote to memory of 2480	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	31
PID 2644 wrote to memory of 2480	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	31
PID 2480 wrote to memory of 1656	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	34
PID 2480 wrote to memory of 1656	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	34
PID 2480 wrote to memory of 1656	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	34
PID 2480 wrote to memory of 1656	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	34
PID 2280 wrote to memory of 2936	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	33
PID 2280 wrote to memory of 2936	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	33
PID 2280 wrote to memory of 2936	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	33
PID 2280 wrote to memory of 2936	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	33
PID 2608 wrote to memory of 2944	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	32
PID 2608 wrote to memory of 2944	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	32
PID 2608 wrote to memory of 2944	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	32
PID 2608 wrote to memory of 2944	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	32
PID 2644 wrote to memory of 1904	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	35
PID 2644 wrote to memory of 1904	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	35
PID 2644 wrote to memory of 1904	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	35
PID 2644 wrote to memory of 1904	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	35
PID 2480 wrote to memory of 680	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	36
PID 2480 wrote to memory of 680	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	36
PID 2480 wrote to memory of 680	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	36
PID 2480 wrote to memory of 680	2480	NEAS.53c53950152c3e434c1c7680c29e5060.exe	36
PID 2608 wrote to memory of 980	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	37
PID 2608 wrote to memory of 980	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	37
PID 2608 wrote to memory of 980	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	37
PID 2608 wrote to memory of 980	2608	NEAS.53c53950152c3e434c1c7680c29e5060.exe	37
PID 2280 wrote to memory of 580	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	38
PID 2280 wrote to memory of 580	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	38
PID 2280 wrote to memory of 580	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	38
PID 2280 wrote to memory of 580	2280	NEAS.53c53950152c3e434c1c7680c29e5060.exe	38
PID 2936 wrote to memory of 1784	2936	NEAS.53c53950152c3e434c1c7680c29e5060.exe	39
PID 2936 wrote to memory of 1784	2936	NEAS.53c53950152c3e434c1c7680c29e5060.exe	39
PID 2936 wrote to memory of 1784	2936	NEAS.53c53950152c3e434c1c7680c29e5060.exe	39
PID 2936 wrote to memory of 1784	2936	NEAS.53c53950152c3e434c1c7680c29e5060.exe	39
PID 1904 wrote to memory of 752	1904	NEAS.53c53950152c3e434c1c7680c29e5060.exe	40
PID 1904 wrote to memory of 752	1904	NEAS.53c53950152c3e434c1c7680c29e5060.exe	40
PID 1904 wrote to memory of 752	1904	NEAS.53c53950152c3e434c1c7680c29e5060.exe	40
PID 1904 wrote to memory of 752	1904	NEAS.53c53950152c3e434c1c7680c29e5060.exe	40
PID 1656 wrote to memory of 792	1656	NEAS.53c53950152c3e434c1c7680c29e5060.exe	41
PID 1656 wrote to memory of 792	1656	NEAS.53c53950152c3e434c1c7680c29e5060.exe	41
PID 1656 wrote to memory of 792	1656	NEAS.53c53950152c3e434c1c7680c29e5060.exe	41
PID 1656 wrote to memory of 792	1656	NEAS.53c53950152c3e434c1c7680c29e5060.exe	41
PID 2644 wrote to memory of 1628	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	43
PID 2644 wrote to memory of 1628	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	43
PID 2644 wrote to memory of 1628	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	43
PID 2644 wrote to memory of 1628	2644	NEAS.53c53950152c3e434c1c7680c29e5060.exe	43
PID 2944 wrote to memory of 1752	2944	NEAS.53c53950152c3e434c1c7680c29e5060.exe	42
PID 2944 wrote to memory of 1752	2944	NEAS.53c53950152c3e434c1c7680c29e5060.exe	42
PID 2944 wrote to memory of 1752	2944	NEAS.53c53950152c3e434c1c7680c29e5060.exe	42
PID 2944 wrote to memory of 1752	2944	NEAS.53c53950152c3e434c1c7680c29e5060.exe	42
PID 680 wrote to memory of 2980	680	NEAS.53c53950152c3e434c1c7680c29e5060.exe	45
PID 680 wrote to memory of 2980	680	NEAS.53c53950152c3e434c1c7680c29e5060.exe	45
PID 680 wrote to memory of 2980	680	NEAS.53c53950152c3e434c1c7680c29e5060.exe	45
PID 680 wrote to memory of 2980	680	NEAS.53c53950152c3e434c1c7680c29e5060.exe	45

C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        8⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:13192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:15652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:11388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:13200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:13100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:15764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12528
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:5404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:8356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:13164
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:1140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:14036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:14100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:14492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:10260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:4800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:6760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:9156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:14016
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:11820
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        7⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        6⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:12788
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12420
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:4296
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:6164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:12748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:15548
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
        5⤵
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:15004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:10192
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:15788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:5476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:12848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:15588
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
      4⤵
      PID:12368
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:6704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:14024
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  PID:3124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:7376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
    3⤵
    PID:11356
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  PID:4380
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  PID:6264
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  PID:11280
- C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.53c53950152c3e434c1c7680c29e5060.exe"
  2⤵
  PID:15748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american hardcore lesbian balls .zip.exe

Filesize
1.3MB

MD5
74aa4075ed4787308b0f9a7debc88448

SHA1
facec76b43c113ecb2a0d0ee8473060795fcfc7b

SHA256
8354fd8d412e49c2bc287b0d1ca351e91358f4cbd204bbb943c9c167102e93f5

SHA512
ec42b15776341c31c1e1bbe31abf4be233e48ba54eb296677a6d5bdd95e86d40aad5eca7b2a00a78d5772c461c335b901292c1e83770171d98ee0afc61c0a6cb

Download Submit
memory/580-102-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/580-126-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/580-111-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/680-88-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/680-119-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/680-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/752-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/792-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/892-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/980-124-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/980-101-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/980-108-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/980-91-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1028-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1316-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1476-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1516-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1524-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1552-141-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1596-137-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1628-113-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1656-123-0x0000000001FA0000-0x0000000001FBE000-memory.dmp

Filesize
120KB

Download
memory/1656-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1688-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1736-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1752-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1776-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1784-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1852-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1904-69-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-144-0x0000000000820000-0x000000000083E000-memory.dmp

Filesize
120KB

Download
memory/1944-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2088-131-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2168-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2280-54-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2280-90-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2368-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2368-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2396-114-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2396-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2480-106-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/2480-121-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/2480-55-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2480-94-0x0000000004450000-0x000000000446E000-memory.dmp

Filesize
120KB

Download
memory/2480-93-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2504-140-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2524-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2552-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2608-53-0x0000000001E80000-0x0000000001E9E000-memory.dmp

Filesize
120KB

Download
memory/2608-65-0x0000000004610000-0x000000000462E000-memory.dmp

Filesize
120KB

Download
memory/2608-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-103-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-64-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-291-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-92-0x0000000001DF0000-0x0000000001E0E000-memory.dmp

Filesize
120KB

Download
memory/2644-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2668-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2936-104-0x0000000004580000-0x000000000459E000-memory.dmp

Filesize
120KB

Download
memory/2936-127-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/2936-66-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2944-109-0x0000000001D80000-0x0000000001D9E000-memory.dmp

Filesize
120KB

Download
memory/2944-67-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2948-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2980-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3016-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download