de237cb5fcd9ddad3eec1eb3719675c758722892fe0979eb1b540dc0bcc0dff4

Analysis

max time kernel
11s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
Size

918KB
MD5

449cd0af42dcd2d9bf2b3e0bf44e2000
SHA1

c942821020ba22930800e4a24f39a6611e2a0ea3
SHA256

de237cb5fcd9ddad3eec1eb3719675c758722892fe0979eb1b540dc0bcc0dff4
SHA512

61d6f8218d0ea02dbc5f3a1eb3d38caf3b61e96e463c21c37f82645823348df2ac90bd673c2d9df1cf63a68d13f8dfce72ad8ec730637b717efbc5c4fb93d2ee
SSDEEP

12288:VEQoSfqTGAZBhImCzVM9uKR+UPDJnawML/YsInbN6GCRUooCAMITJN9SUtqLqWVP:VezdCBjKoUPDgwM8ssJ6G9MIEUczl

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 43 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000018b70-5.dat	upx
behavioral1/memory/2184-24-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2712-60-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2936-62-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2692-69-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2116-70-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3020-72-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2184-90-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2704-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2712-91-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2936-92-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2640-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1876-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2784-97-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2704-99-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1744-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2116-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3012-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1652-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/324-125-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/936-126-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1876-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1296-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1328-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1448-136-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1336-137-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/476-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/780-140-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/268-141-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1996-142-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1640-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/340-144-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1880-147-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2140-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1400-149-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1664-150-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/956-151-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1288-153-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/308-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3068-157-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2348-160-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1624-162-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\U:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\A:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\G:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\P:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\O:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\Q:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\T:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\Y:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\J:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\L:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\N:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\I:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\K:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\M:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\S:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\W:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\B:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\E:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\H:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\V:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\X:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\Z:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beastiality xxx [milf] stockings (Tatjana,Christine).rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\System32\DriverStore\Temp\nude [milf] mistress (Sonja).zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\SysWOW64\FxsTmp\kicking gay licking .rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\SysWOW64\IME\shared\russian cumshot xxx public (Sandy,Melissa).mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\bukkake hot (!) ash (Sonja).mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\SysWOW64\config\systemprofile\african bukkake uncut ejaculation .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\asian horse hardcore [milf] castration (Jenna,Sonja).zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\trambling voyeur ash .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\norwegian lesbian beast full movie .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\african fucking girls beautyfull .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\norwegian cum several models cock fishy .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish trambling hidden hotel .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\canadian xxx public vagina .rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Google\Temp\italian sperm [bangbus] hole (Kathrin,Sarah).mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\animal hot (!) glans gorgeoushorny .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\DVD Maker\Shared\gay hidden stockings .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Windows Journal\Templates\asian cumshot action uncut femdom (Jade,Curtney).zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish lingerie masturbation nipples shower .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast [bangbus] (Anniston,Anniston).avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black fucking lesbian public young (Samantha).mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\russian beast porn licking vagina .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\hardcore lesbian upskirt .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\spanish gay cumshot [milf] nipples .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian porn masturbation (Karin,Liz).avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\Downloaded Program Files\norwegian action full movie shoes .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\russian porn [bangbus] .rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\fetish beast big .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\hardcore handjob [bangbus] sweet (Gina,Samantha).rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\PLA\Templates\gang bang several models .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish voyeur 40+ .zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian cum public cock .rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kicking several models castration (Ashley).mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\african horse hidden .rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\german cum animal [free] legs upskirt .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\norwegian lesbian girls .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\temp\indian cum licking circumcision .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\animal sleeping YEâPSè& .rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\hardcore several models vagina femdom .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\norwegian bukkake fetish girls hole 50+ .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\lingerie several models ash .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese kicking beast licking vagina .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fucking bukkake public vagina femdom .zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\malaysia cumshot hidden .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\SoftwareDistribution\Download\norwegian hardcore sleeping upskirt .zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\mssrv.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian xxx hidden legs (Ashley,Anniston).mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\tmp\american lingerie sperm [free] hole upskirt (Sandy).mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\security\templates\swedish xxx masturbation vagina (Anniston,Gina).avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian hardcore horse hot (!) bedroom .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\french lesbian cumshot catfight .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\hardcore catfight stockings (Britney,Kathrin).rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian sperm uncut redhair .rar.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2640	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2784	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
3020	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2704	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
1744	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
3012	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
324	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2184	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	28
PID 2116 wrote to memory of 2184	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	28
PID 2116 wrote to memory of 2184	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	28
PID 2116 wrote to memory of 2184	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	28
PID 2116 wrote to memory of 2712	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	29
PID 2116 wrote to memory of 2712	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	29
PID 2116 wrote to memory of 2712	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	29
PID 2116 wrote to memory of 2712	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	29
PID 2184 wrote to memory of 2936	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	30
PID 2184 wrote to memory of 2936	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	30
PID 2184 wrote to memory of 2936	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	30
PID 2184 wrote to memory of 2936	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	30
PID 2116 wrote to memory of 2692	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	31
PID 2116 wrote to memory of 2692	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	31
PID 2116 wrote to memory of 2692	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	31
PID 2116 wrote to memory of 2692	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	31
PID 2712 wrote to memory of 2640	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	32
PID 2712 wrote to memory of 2640	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	32
PID 2712 wrote to memory of 2640	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	32
PID 2712 wrote to memory of 2640	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	32
PID 2184 wrote to memory of 2784	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	33
PID 2184 wrote to memory of 2784	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	33
PID 2184 wrote to memory of 2784	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	33
PID 2184 wrote to memory of 2784	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	33
PID 2936 wrote to memory of 3020	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	34
PID 2936 wrote to memory of 3020	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	34
PID 2936 wrote to memory of 3020	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	34
PID 2936 wrote to memory of 3020	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	34
PID 2116 wrote to memory of 2704	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	37
PID 2116 wrote to memory of 2704	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	37
PID 2116 wrote to memory of 2704	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	37
PID 2116 wrote to memory of 2704	2116	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	37
PID 2712 wrote to memory of 3012	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	36
PID 2712 wrote to memory of 3012	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	36
PID 2712 wrote to memory of 3012	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	36
PID 2712 wrote to memory of 3012	2712	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	36
PID 2692 wrote to memory of 1744	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	35
PID 2692 wrote to memory of 1744	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	35
PID 2692 wrote to memory of 1744	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	35
PID 2692 wrote to memory of 1744	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	35
PID 2184 wrote to memory of 324	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	38
PID 2184 wrote to memory of 324	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	38
PID 2184 wrote to memory of 324	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	38
PID 2184 wrote to memory of 324	2184	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	38
PID 2936 wrote to memory of 936	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	39
PID 2936 wrote to memory of 936	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	39
PID 2936 wrote to memory of 936	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	39
PID 2936 wrote to memory of 936	2936	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	39
PID 2640 wrote to memory of 1876	2640	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	40
PID 2640 wrote to memory of 1876	2640	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	40
PID 2640 wrote to memory of 1876	2640	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	40
PID 2640 wrote to memory of 1876	2640	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	40
PID 2784 wrote to memory of 1296	2784	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	41
PID 2784 wrote to memory of 1296	2784	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	41
PID 2784 wrote to memory of 1296	2784	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	41
PID 2784 wrote to memory of 1296	2784	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	41
PID 3020 wrote to memory of 1328	3020	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	42
PID 3020 wrote to memory of 1328	3020	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	42
PID 3020 wrote to memory of 1328	3020	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	42
PID 3020 wrote to memory of 1328	3020	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	42
PID 2692 wrote to memory of 1652	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	43
PID 2692 wrote to memory of 1652	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	43
PID 2692 wrote to memory of 1652	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	43
PID 2692 wrote to memory of 1652	2692	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9048
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:8928
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8680
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:8960
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:6368
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:6276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:8816
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:9404
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:8704
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:6068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3160
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:3856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:6800
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:5144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:9128
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\danish lingerie masturbation nipples shower .mpg.exe

Filesize
649KB

MD5
fb9ea47c40d7e9d8fcab803aeff6049c

SHA1
9328bd155717221b2977ea7d5ad658cee5e9a22a

SHA256
b33f2155d32cf566e490192c61e191d4428cb011b625bc5e3812abb8a444ca61

SHA512
30a7ee2ca3ad300702a67e13c411364ed90f066824c1d18c12840d7cee0ef3efbe5d3d44a3f025079a3620b0b4fe0d2bfdb349da144cbf51878a4c4b99a1045c

Download Submit
memory/268-141-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/308-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/324-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/340-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/476-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/780-140-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/936-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/956-151-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1288-153-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1296-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1328-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1336-137-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1400-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1448-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1624-162-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1640-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1652-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1664-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1744-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1744-152-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/1876-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1880-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1996-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2116-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2116-23-0x0000000004DF0000-0x0000000004E0E000-memory.dmp

Filesize
120KB

Download
memory/2116-98-0x0000000005180000-0x000000000519E000-memory.dmp

Filesize
120KB

Download
memory/2116-70-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2116-71-0x0000000004DF0000-0x0000000004E0E000-memory.dmp

Filesize
120KB

Download
memory/2116-135-0x0000000005180000-0x000000000519E000-memory.dmp

Filesize
120KB

Download
memory/2116-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2116-88-0x0000000005180000-0x000000000519E000-memory.dmp

Filesize
120KB

Download
memory/2140-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2184-24-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2184-61-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/2184-90-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2348-160-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-95-0x00000000004F0000-0x000000000050E000-memory.dmp

Filesize
120KB

Download
memory/2640-127-0x00000000004F0000-0x000000000050E000-memory.dmp

Filesize
120KB

Download
memory/2692-146-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2692-156-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2692-131-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2692-69-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2704-132-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/2704-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2704-99-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2704-116-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/2712-118-0x00000000045D0000-0x00000000045EE000-memory.dmp

Filesize
120KB

Download
memory/2712-134-0x00000000045D0000-0x00000000045EE000-memory.dmp

Filesize
120KB

Download
memory/2712-91-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-161-0x0000000004930000-0x000000000494E000-memory.dmp

Filesize
120KB

Download
memory/2712-68-0x0000000004580000-0x000000000459E000-memory.dmp

Filesize
120KB

Download
memory/2712-60-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-93-0x0000000004580000-0x000000000459E000-memory.dmp

Filesize
120KB

Download
memory/2784-97-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2936-62-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2936-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3012-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3012-119-0x00000000047E0000-0x00000000047FE000-memory.dmp

Filesize
120KB

Download
memory/3012-139-0x00000000047E0000-0x00000000047FE000-memory.dmp

Filesize
120KB

Download
memory/3020-72-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3020-154-0x0000000004A50000-0x0000000004A6E000-memory.dmp

Filesize
120KB

Download
memory/3020-145-0x0000000004A50000-0x0000000004A6E000-memory.dmp

Filesize
120KB

Download
memory/3068-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download