99d1db58b7c6783698e0398020fd1ea3d5f85c2613a363f06ba029a2350ed26f

Analysis

max time kernel
18s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2023 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Size

1.7MB
MD5

2ebe29efaeb7705758ea26addaa843d0
SHA1

51f00c1d5835845a6653f530cb467c69017512d7
SHA256

99d1db58b7c6783698e0398020fd1ea3d5f85c2613a363f06ba029a2350ed26f
SHA512

2cdb5c25704c65dd05145c6b7aef31afc4580dabcd58941b9e88680590d0e3d1b716f7cdf41c46db4db48b71fa956a67918fd345e7c7ff9cbe8b1fc11106eeaa
SSDEEP

49152:9Ov+WbjDazy70GOHoWwaL6GdlDUWlWnoUJVFVOXub7:grSy70fH/wa3TP4ouVFVZ3

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\G:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\R:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\J:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\K:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\M:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\O:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\B:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\E:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\H:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\I:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\P:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\S:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\U:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\V:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\W:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\X:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\L:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\N:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\Q:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\T:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\Y:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File opened (read-only)	\??\Z:	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\xxx [bangbus] hairy (Britney).mpg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\american animal licking pregnant .avi.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian lesbian gay [milf] ejaculation .rar.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie porn [bangbus] penetration (Sarah).avi.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast [bangbus] hairy .mpg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse lingerie girls sm .avi.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files (x86)\Google\Temp\french kicking animal big sweet .zip.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\indian hardcore porn masturbation hairy .avi.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african trambling blowjob uncut cock .mpg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish horse uncut .mpg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake [bangbus] .avi.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian trambling hidden bedroom .mpg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian nude nude big pregnant .mpeg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\canadian hardcore voyeur (Kathrin).mpeg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese blowjob blowjob licking (Tatjana,Sonja).zip.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian cum full movie mistress (Sonja).mpeg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\chinese blowjob fucking masturbation (Anniston).mpeg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\french gay beast catfight .mpeg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\kicking bukkake hidden mature .mpg.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\african fetish voyeur shoes (Jenna,Janette).zip.exe	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4448	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4448	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4724	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4724	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4080	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4080	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4480	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4480	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4996	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4996	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4600	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
4600	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
3656	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
3656	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1232	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	89
PID 2928 wrote to memory of 1232	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	89
PID 2928 wrote to memory of 1232	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	89
PID 2928 wrote to memory of 1264	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	92
PID 2928 wrote to memory of 1264	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	92
PID 2928 wrote to memory of 1264	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	92
PID 1232 wrote to memory of 1660	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	93
PID 1232 wrote to memory of 1660	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	93
PID 1232 wrote to memory of 1660	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	93
PID 2928 wrote to memory of 1112	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	94
PID 2928 wrote to memory of 1112	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	94
PID 2928 wrote to memory of 1112	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	94
PID 1232 wrote to memory of 4448	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	95
PID 1232 wrote to memory of 4448	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	95
PID 1232 wrote to memory of 4448	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	95
PID 1264 wrote to memory of 4724	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	96
PID 1264 wrote to memory of 4724	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	96
PID 1264 wrote to memory of 4724	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	96
PID 1660 wrote to memory of 4080	1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	97
PID 1660 wrote to memory of 4080	1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	97
PID 1660 wrote to memory of 4080	1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	97
PID 2928 wrote to memory of 4660	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	100
PID 2928 wrote to memory of 4660	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	100
PID 2928 wrote to memory of 4660	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	100
PID 1232 wrote to memory of 4480	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	101
PID 1232 wrote to memory of 4480	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	101
PID 1232 wrote to memory of 4480	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	101
PID 1264 wrote to memory of 4996	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	102
PID 1264 wrote to memory of 4996	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	102
PID 1264 wrote to memory of 4996	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	102
PID 1112 wrote to memory of 4600	1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	103
PID 1112 wrote to memory of 4600	1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	103
PID 1112 wrote to memory of 4600	1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	103
PID 1660 wrote to memory of 3656	1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	104
PID 1660 wrote to memory of 3656	1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	104
PID 1660 wrote to memory of 3656	1660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	104
PID 4448 wrote to memory of 2256	4448	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	105
PID 4448 wrote to memory of 2256	4448	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	105
PID 4448 wrote to memory of 2256	4448	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	105
PID 4080 wrote to memory of 3004	4080	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	106
PID 4080 wrote to memory of 3004	4080	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	106
PID 4080 wrote to memory of 3004	4080	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	106
PID 4724 wrote to memory of 2588	4724	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	107
PID 4724 wrote to memory of 2588	4724	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	107
PID 4724 wrote to memory of 2588	4724	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	107
PID 2928 wrote to memory of 4132	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	110
PID 2928 wrote to memory of 4132	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	110
PID 2928 wrote to memory of 4132	2928	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	110
PID 4660 wrote to memory of 4552	4660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	111
PID 4660 wrote to memory of 4552	4660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	111
PID 4660 wrote to memory of 4552	4660	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	111
PID 1232 wrote to memory of 3960	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	112
PID 1232 wrote to memory of 3960	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	112
PID 1232 wrote to memory of 3960	1232	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	112
PID 1264 wrote to memory of 2232	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	113
PID 1264 wrote to memory of 2232	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	113
PID 1264 wrote to memory of 2232	1264	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	113
PID 1112 wrote to memory of 4296	1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	114
PID 1112 wrote to memory of 4296	1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	114
PID 1112 wrote to memory of 4296	1112	NEAS.2ebe29efaeb7705758ea26addaa843d0.exe	114

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1232
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:12652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12660
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:16132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:16264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:16280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10048
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7296
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:14844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11516
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:16140
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
        5⤵
        
        PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:14800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:15020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:16148
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10172
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:14820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:6968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:16040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11552
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:16124
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:7880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12644
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:10268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:12888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
      4⤵
      PID:16304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:16116
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:4132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:9304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:14768
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11496
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:16472
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:5612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:12232
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:10016
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:5848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:10392
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:6672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:16500
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:7180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:10296
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:7760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:8672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:11664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:16248
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:8220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
    3⤵
    PID:3868
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:10704
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2ebe29efaeb7705758ea26addaa843d0.exe"
  2⤵
  PID:14760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian lesbian gay [milf] ejaculation .rar.exe

Filesize
524KB

MD5
0df42ef31c5194b19c93994c0808da58

SHA1
4f4588bd1545651b423c192865e7dcb9f3dc7ac6

SHA256
9d996ecf9215c4d1e73874c9e72325bdbc7eae6750ac5cc33ad8400dd370ace6

SHA512
78e51a5f2aa6feae4d42e24b93b3591ccf6ebe6b6c18121c65f49c57da3f0d2eeea0ea117af91c7b2ca47340a36f94529abb8235cbed92ce5ce90959c4053e58

Download Submit
memory/668-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1112-25-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1112-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1232-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1264-21-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1264-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1660-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2020-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2232-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2256-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2588-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2824-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3656-82-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4080-27-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4296-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4448-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4480-63-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4488-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4600-76-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4724-26-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4756-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4896-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4940-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4996-72-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5356-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5384-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5516-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5820-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5848-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5880-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5916-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5936-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6044-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6056-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6232-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6276-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6344-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6400-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6456-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6600-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6672-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7116-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7124-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7180-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7288-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7312-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7368-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7444-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7512-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7576-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7632-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7640-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7760-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7816-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7864-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7924-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7932-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8012-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8060-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8116-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8188-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download