5c0b043ba5d2a716910669d8afd3aa16ae28769ffb8f80025c3274f51473f644

Analysis

max time kernel
148s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
Size

766KB
MD5

5809d3c96db85798b7d3d5024b2758e1
SHA1

0ed5cbbfef3c3d2510c4b3fbaa37e14a678ca721
SHA256

5c0b043ba5d2a716910669d8afd3aa16ae28769ffb8f80025c3274f51473f644
SHA512

5c84e6b1964b9d7a7fda41034772c48557340a880b37402492330ace7d9fcebdb8e9c50d11bb1c11c53603c7c172f2fa459f31e1c4e807bd1420292bc2ddf7d3
SSDEEP

12288:YEQoSpqh17Lqd0Hnzw9egihrFggt57GWtkncfbk3A4wioOgS6G13nIoUHOsExOjg:YilK2n89/8rFggt8Wacg3NvoC4oUN0HJ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3368-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x0006000000022d46-5.dat	upx
behavioral2/memory/1784-10-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4724-14-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2428-19-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3368-39-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2248-40-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2780-41-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4572-42-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2184-43-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1784-45-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1764-46-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4540-47-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4724-48-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4388-49-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2428-50-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4848-51-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3176-52-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1264-53-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2248-54-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4996-55-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2780-56-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1076-57-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4572-58-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1400-59-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2184-64-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4312-66-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1324-65-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1764-83-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3500-84-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/908-86-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1380-87-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4392-89-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4748-90-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2080-92-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2468-93-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4472-94-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4388-97-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5104-100-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4848-118-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4912-110-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1440-104-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2084-126-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3176-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4540-91-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3332-88-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4592-129-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5256-147-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5336-148-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1264-152-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5268-165-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5456-170-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5600-172-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4836-162-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3544-158-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5616-177-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5640-178-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5860-179-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5812-181-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5976-186-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/6056-276-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/6100-327-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5164-367-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5124-400-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\K:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\N:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\A:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\E:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\V:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\B:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\T:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\M:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\O:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\R:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\S:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\W:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\Y:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\G:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\J:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\Z:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\P:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\Q:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\U:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\X:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\I:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File opened (read-only)	\??\L:	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\black cumshot beast licking hole (Kathrin,Melissa).mpg.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm big feet lady .rar.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian handjob trambling hot (!) upskirt .mpg.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian horse sperm several models 40+ .rar.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese beastiality sperm big castration (Sandy,Sylvia).zip.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\blowjob [free] hole .mpg.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian gang bang beast licking .zip.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish handjob horse hot (!) titts girly (Melissa).rar.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling licking glans castration (Samantha).zip.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\danish horse gay catfight feet 50+ .zip.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\black horse trambling uncut young .zip.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast [bangbus] .mpg.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish horse xxx [bangbus] stockings .rar.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Google\Update\Download\lesbian masturbation hole shower (Liz).mpeg.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Microsoft\Temp\beast hidden .mpg.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files\Microsoft Office\root\Templates\trambling hidden gorgeoushorny .rar.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse uncut ejaculation .zip.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
4724	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
4724	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
2428	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
2428	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
2248	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
2248	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 1784	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	87
PID 3368 wrote to memory of 1784	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	87
PID 3368 wrote to memory of 1784	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	87
PID 3368 wrote to memory of 4724	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	88
PID 3368 wrote to memory of 4724	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	88
PID 3368 wrote to memory of 4724	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	88
PID 1784 wrote to memory of 2428	1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	89
PID 1784 wrote to memory of 2428	1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	89
PID 1784 wrote to memory of 2428	1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	89
PID 3368 wrote to memory of 2248	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	90
PID 3368 wrote to memory of 2248	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	90
PID 3368 wrote to memory of 2248	3368	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	90
PID 4724 wrote to memory of 2780	4724	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	91
PID 4724 wrote to memory of 2780	4724	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	91
PID 4724 wrote to memory of 2780	4724	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	91
PID 1784 wrote to memory of 4572	1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	92
PID 1784 wrote to memory of 4572	1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	92
PID 1784 wrote to memory of 4572	1784	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	92
PID 2428 wrote to memory of 2184	2428	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	93
PID 2428 wrote to memory of 2184	2428	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	93
PID 2428 wrote to memory of 2184	2428	NEAS.5809d3c96db85798b7d3d5024b2758e1.exe	93

C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:4076
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        7⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:14048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:11124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:11904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:13816
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:14012
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:7928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:10452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:10664
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:3744
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10892
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:12704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:13488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:9000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:12164
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:11912
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:12064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:11220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:13700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:9952
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:12964
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  PID:1764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:11928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:10692
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:2000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:9404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:12548
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  PID:1400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
        5⤵
        
        PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:13232
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
      4⤵
      PID:5064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:7712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:10204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:12616
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  PID:4592
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:7920
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:10404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:14272
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  PID:5164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:10476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:10660
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
    3⤵
    PID:13480
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  PID:9340
- C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.5809d3c96db85798b7d3d5024b2758e1.exe"
  2⤵
  PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling licking glans castration (Samantha).zip.exe

Filesize
1.0MB

MD5
7402c599ba9dd873008da9ebbfae18cc

SHA1
88088966cec3d7a84ddf98f3504aa86735c75daa

SHA256
dd40afd8b5dc6ae36e810cfe1b23a9cb540df8b56c9c008c0a41421f2f93ef6b

SHA512
1852b57775252658e41b6faac0bc3f7b81cfa2a63005ace186b4c38d25bc5abf8b91cdad230d2994f491b0abba62f3332c768483d64096f2a87d31302f35604b

Download Submit
memory/908-86-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1076-57-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1264-152-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1264-53-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1324-65-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1380-87-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1400-59-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1440-104-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1764-83-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1764-46-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1784-45-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1784-10-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2080-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2084-126-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2184-43-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2184-64-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2248-54-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2248-40-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2428-50-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2428-19-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2468-93-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2780-56-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2780-41-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3176-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3176-52-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3332-88-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3368-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3368-39-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3500-84-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3544-158-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4312-66-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4388-97-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4388-49-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4392-89-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4472-94-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4540-47-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4540-91-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4572-58-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4572-42-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4592-129-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4724-14-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4724-48-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4748-90-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4836-162-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4848-51-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4848-118-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4912-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4996-55-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5104-100-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5124-400-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5164-367-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5256-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5268-165-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5336-148-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5456-170-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5600-172-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5616-177-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5640-178-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5812-181-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5860-179-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5976-186-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6056-276-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6100-327-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download