85fd4b0b303b2ff58ff72f6face0fcaf5c0dd506356cb6502c0d540784d6cdad

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Size

187KB
MD5

5ce05fedd47158f7269e205aae5ce150
SHA1

cf2d4b335c3f16beb3acc54e9e7592ebafcb1b2c
SHA256

85fd4b0b303b2ff58ff72f6face0fcaf5c0dd506356cb6502c0d540784d6cdad
SHA512

a9d1daa0b5dbae6cd548484d3c10ef500aaa1db6dc0f4e38baf94d8ceff7c0f134e2a2a12d72997a226185214da9438ad3556d9cfd1d4d46b06b43f18e159a73
SSDEEP

3072:gjbLl/gvQoutxMlqsmQKGkbxS7i/AFCoL9ibmz0nqM2yd9ElgQcxl6XQQ:gjluQoSxMlqjGU6CoLki0nqM2yElgHfK

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	5ce05fedd47158f7269e205aae5ce150_NEAS.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1900-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x0007000000023441-5.dat	upx
behavioral2/memory/2344-46-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1924-160-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3960-161-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1076-180-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3812-181-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3852-183-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/212-182-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3412-184-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2972-185-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1900-187-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/620-186-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4060-190-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2344-189-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2096-188-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2916-192-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1924-191-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4452-195-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3972-194-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3960-193-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3276-198-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1076-197-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1900-196-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3812-199-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4020-201-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/588-200-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3412-202-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2972-203-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/620-204-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2560-207-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2364-209-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3408-208-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4984-211-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4060-210-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2096-206-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1264-205-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2916-212-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4452-213-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4908-215-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2824-216-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3276-214-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5128-217-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/588-221-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4020-222-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5240-224-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1264-226-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2364-229-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3408-228-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2560-227-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4412-223-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2648-225-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3680-231-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4984-230-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2236-233-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5328-234-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/884-232-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5344-237-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5256-236-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5240-235-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5264-238-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5276-239-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5360-243-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5376-241-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5ce05fedd47158f7269e205aae5ce150_NEAS.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\G:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\K:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\M:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\T:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\V:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\Y:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\E:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\I:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\J:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\L:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\Q:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\S:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\U:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\B:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\H:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\N:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\P:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\R:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\W:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\X:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\Z:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File opened (read-only)	\??\A:	5ce05fedd47158f7269e205aae5ce150_NEAS.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\blowjob several models blondie .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\cumshot beastiality sleeping legs traffic (Christine,Janette).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\african lingerie licking beautyfull (Jade,Jenna).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay several models .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\chinese kicking beast lesbian bedroom .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese gay lesbian [free] hairy (Curtney).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian bukkake masturbation cock shower (Janette).mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian animal masturbation nipples .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\animal horse [free] bedroom .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\malaysia sperm big stockings (Sandy).mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german lesbian [free] .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese gang bang gang bang girls high heels (Britney).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\asian hardcore beastiality lesbian granny .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\canadian lesbian voyeur .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\Temp\sperm gang bang voyeur (Sonja).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german xxx handjob full movie nipples blondie .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude kicking [bangbus] titts redhair (Sonja).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\asian beast several models ash hairy .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\cum girls .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian porn public legs .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\malaysia gang bang hot (!) feet .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\asian lingerie cum [bangbus] .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fucking uncut hairy .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish lingerie girls young .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Google\Update\Download\lesbian several models bedroom .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\dotnet\shared\cumshot lingerie licking sm .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gang bang blowjob catfight high heels .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\canadian xxx masturbation .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\african animal horse voyeur girly .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Program Files (x86)\Google\Temp\canadian fetish [bangbus] .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\CbsTemp\indian fetish licking titts ìó (Sonja,Melissa).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\asian beast animal full movie high heels .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\danish cumshot cum girls granny (Jenna).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\british nude animal voyeur hole hairy .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\canadian horse hot (!) glans wifey (Sonja).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\spanish blowjob cum uncut feet mistress (Ashley,Kathrin).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese trambling big legs ejaculation (Jenna,Gina).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\french fucking nude [free] (Karin).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\bukkake cum licking ash .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\brasilian fucking lesbian hole Ôï .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african kicking big .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\african animal [free] nipples girly .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\PLA\Templates\lesbian hardcore catfight bondage .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\french trambling catfight .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black trambling [free] bedroom (Liz).mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\cum hardcore lesbian boots .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\german cum sleeping circumcision .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\hardcore gang bang public hole .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\asian nude kicking masturbation cock shower (Gina,Tatjana).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\beastiality xxx [free] (Sylvia,Jenna).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\black lingerie kicking [milf] .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\canadian blowjob catfight titts (Britney,Sandy).mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\brasilian lingerie sperm voyeur (Karin,Curtney).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\black nude bukkake masturbation nipples stockings (Tatjana).mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\italian xxx fetish big (Sandy).mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\xxx blowjob uncut hole .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\spanish gang bang xxx hot (!) .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\lingerie lesbian several models (Gina).mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\malaysia horse gay [bangbus] fishy (Sylvia,Ashley).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\kicking lingerie big hairy (Karin,Samantha).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\canadian porn trambling hidden feet lady (Melissa).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\african fucking public bedroom .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\beastiality public mature .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\italian cum big ash (Sarah).mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nude [bangbus] vagina (Karin).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\gay gang bang full movie mature .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\british fetish gay [milf] lady .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\asian beastiality horse public (Anniston).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\blowjob cum hot (!) leather (Ashley).mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese cumshot several models .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\british trambling big titts .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\italian kicking big sweet .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\german lesbian sperm hidden femdom (Sonja,Ashley).mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish gay cum full movie (Tatjana).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\animal porn licking (Anniston,Sonja).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\german action beast catfight ash .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\french lingerie porn [milf] glans (Sandy,Kathrin).mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\nude blowjob several models legs pregnant .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\canadian horse lesbian big bedroom (Anniston).zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\asian cumshot gay uncut mature .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese fucking bukkake hidden pregnant (Samantha).rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\animal blowjob licking boobs leather .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\action animal lesbian feet .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\malaysia hardcore public feet .avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\indian bukkake kicking hot (!) swallow .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\horse big cock .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\indian fetish gang bang catfight bedroom .rar.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\beastiality gang bang several models (Sonja,Ashley).avi.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\canadian kicking gang bang big swallow .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\InputMethod\SHARED\animal horse lesbian glans .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\sperm beastiality catfight .mpeg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\spanish nude porn uncut .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gay horse hot (!) mature .zip.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\trambling fucking voyeur vagina .mpg.exe	5ce05fedd47158f7269e205aae5ce150_NEAS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
212	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
212	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3852	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3852	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3412	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3412	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2972	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2972	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
620	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
620	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2096	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2096	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
4060	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
4060	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2916	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
2916	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3972	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3972	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
4452	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
4452	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3852	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3852	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
212	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
212	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3276	5ce05fedd47158f7269e205aae5ce150_NEAS.exe
3276	5ce05fedd47158f7269e205aae5ce150_NEAS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2344	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	86
PID 1900 wrote to memory of 2344	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	86
PID 1900 wrote to memory of 2344	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	86
PID 2344 wrote to memory of 1924	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	87
PID 2344 wrote to memory of 1924	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	87
PID 2344 wrote to memory of 1924	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	87
PID 1900 wrote to memory of 3960	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	88
PID 1900 wrote to memory of 3960	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	88
PID 1900 wrote to memory of 3960	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	88
PID 1924 wrote to memory of 1076	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	91
PID 1924 wrote to memory of 1076	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	91
PID 1924 wrote to memory of 1076	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	91
PID 2344 wrote to memory of 3812	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	92
PID 2344 wrote to memory of 3812	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	92
PID 2344 wrote to memory of 3812	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	92
PID 3960 wrote to memory of 212	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	93
PID 3960 wrote to memory of 212	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	93
PID 3960 wrote to memory of 212	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	93
PID 1900 wrote to memory of 3852	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	94
PID 1900 wrote to memory of 3852	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	94
PID 1900 wrote to memory of 3852	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	94
PID 1924 wrote to memory of 3412	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	98
PID 1924 wrote to memory of 3412	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	98
PID 1924 wrote to memory of 3412	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	98
PID 1076 wrote to memory of 2972	1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	99
PID 1076 wrote to memory of 2972	1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	99
PID 1076 wrote to memory of 2972	1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	99
PID 2344 wrote to memory of 620	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	100
PID 2344 wrote to memory of 620	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	100
PID 2344 wrote to memory of 620	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	100
PID 3960 wrote to memory of 2096	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	101
PID 3960 wrote to memory of 2096	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	101
PID 3960 wrote to memory of 2096	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	101
PID 1900 wrote to memory of 4060	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	102
PID 1900 wrote to memory of 4060	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	102
PID 1900 wrote to memory of 4060	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	102
PID 3812 wrote to memory of 2916	3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	103
PID 3812 wrote to memory of 2916	3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	103
PID 3812 wrote to memory of 2916	3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	103
PID 3852 wrote to memory of 3972	3852	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	104
PID 3852 wrote to memory of 3972	3852	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	104
PID 3852 wrote to memory of 3972	3852	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	104
PID 212 wrote to memory of 4452	212	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	105
PID 212 wrote to memory of 4452	212	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	105
PID 212 wrote to memory of 4452	212	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	105
PID 3412 wrote to memory of 3276	3412	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	108
PID 3412 wrote to memory of 3276	3412	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	108
PID 3412 wrote to memory of 3276	3412	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	108
PID 1924 wrote to memory of 2824	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	109
PID 1924 wrote to memory of 2824	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	109
PID 1924 wrote to memory of 2824	1924	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	109
PID 3960 wrote to memory of 588	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	110
PID 3960 wrote to memory of 588	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	110
PID 3960 wrote to memory of 588	3960	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	110
PID 2344 wrote to memory of 4020	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	111
PID 2344 wrote to memory of 4020	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	111
PID 2344 wrote to memory of 4020	2344	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	111
PID 1076 wrote to memory of 4412	1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	112
PID 1076 wrote to memory of 4412	1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	112
PID 1076 wrote to memory of 4412	1076	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	112
PID 1900 wrote to memory of 2648	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	113
PID 1900 wrote to memory of 2648	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	113
PID 1900 wrote to memory of 2648	1900	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	113
PID 3812 wrote to memory of 1264	3812	5ce05fedd47158f7269e205aae5ce150_NEAS.exe	114

C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        9⤵
        
        PID:19472
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:19200
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:19664
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:20428
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:26780
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19368
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:24500
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:20864
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19480
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:23268
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20404
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19600
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:19496
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19680
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20252
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:24912
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20264
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:24928
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20736
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:27004
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:21164
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20528
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26900
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19012
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:21328
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:20648
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:26924
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19064
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:26620
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20680
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:22156
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19436
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:22220
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:27576
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19424
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26436
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20236
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20488
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19704
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:23756
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19712
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:21172
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20784
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26988
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20720
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19900
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:22772
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20728
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:27012
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19380
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20800
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:23108
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19248
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19576
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:15248
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19488
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:27040
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19104
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19504
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19688
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:21196
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19112
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:24968
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20332
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:22684
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19080
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:24956
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:21568
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20372
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26772
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19184
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20688
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26932
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20600
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26940
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19632
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20792
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19908
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:22452
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26832
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19696
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:27300
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20460
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:896
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19592
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:24572
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20096
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:23232
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:23160
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19360
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:22572
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20348
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26788
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20552
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26892
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19616
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:21424
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19408
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26860
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20388
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20308
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19568
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20316
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19192
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9720
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20504
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26868
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19336
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26468
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:21360
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20396
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26756
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19544
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:27284
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19236
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26364
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9920
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:20380
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:26796
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:20748
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:26996
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:13400
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:19608
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:23712
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3960
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:212
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:20476
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:26764
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20696
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:26948
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19024
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:25804
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20520
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19624
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20964
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:20536
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        8⤵
        
        PID:26908
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19648
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:27276
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:21584
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20364
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20624
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26916
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20148
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:25068
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20468
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26748
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:164
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20420
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:23508
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:20576
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:26956
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:24988
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19520
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:24884
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20164
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19388
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20544
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19560
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:25880
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20272
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20836
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26972
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20856
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26980
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20340
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19584
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:14648
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:26876
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19216
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:24436
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19088
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19232
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26804
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20452
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26628
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19412
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26384
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20356
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:23632
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20156
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:25080
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19464
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:588
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19280
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:24028
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19656
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:27292
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20632
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20436
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19056
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:24844
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20704
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:27020
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19072
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:15576
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:20324
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:20512
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:26884
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:13472
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:19096
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:9872
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3852
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:19264
        
        C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        7⤵
        
        PID:26852
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19444
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:27840
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20924
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:26472
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20280
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:23448
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19552
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19256
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19272
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:23788
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19136
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:25108
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20140
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:23708
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:15608
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:19144
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:25100
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:23800
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19048
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:26372
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20712
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19528
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:27268
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19344
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:21376
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19672
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:20412
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:13560
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:25044
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19224
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20496
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20872
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:27032
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19640
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:10188
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19512
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:21408
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:20300
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:23500
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19536
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:27252
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:26312
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:21576
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:27048
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:20244
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:26964
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
        5⤵
        
        PID:22612
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:25092
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19400
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:26488
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:24852
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:27260
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:732
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:26740
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  PID:5344
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:19720
  - - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
      4⤵
      PID:21276
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:13664
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:19452
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:9676
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  PID:7000
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:13760
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:23424
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  PID:9792
- - C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
    3⤵
    PID:20444
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  PID:13488
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  PID:19120
- C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5ce05fedd47158f7269e205aae5ce150_NEAS.exe"
  2⤵
  PID:25116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german xxx handjob full movie nipples blondie .avi.exe

Filesize
1.4MB

MD5
28b62eb466e78eab37cc82e7e3dad350

SHA1
77e15e7373a26f346acf1338ef2aa18a1d8fe92e

SHA256
220b6db169e3a5e1c083a3c1ce483547109cb84df5717832f54928fbac731036

SHA512
093592ab39d830080488820cb10dbc9ff353a7fb2f7190fdd4b0860d41001c3011cfd7c82a1418d69bc06867365532c6f571a6dbc4124cb56e67289684c54824

Download Submit
C:\debug.txt

Filesize
146B

MD5
6a13a62523747f82c62f6e486f5289a3

SHA1
50a1fbfcc2b5e8996730521dd53864b3d860efbc

SHA256
2cb7d2e3f70727c67b0f1495af1f84ed49b014007c2bc209d65575783f796e23

SHA512
f6b5baa0e27e96d2730b4133dbd5f3dda285214128e1c5d524679b998199a8bbfceef5a1cc6f28557a9e90b3c60bbf6a4af6de6846c8dc907f158f88ae65c25c

Download Submit
memory/212-182-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/588-200-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/588-221-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/620-204-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/620-186-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/884-232-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1076-180-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1076-197-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1264-205-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1264-226-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1340-274-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1900-187-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1900-500-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1900-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1900-196-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1900-303-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1924-191-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1924-160-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2096-188-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2096-206-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2236-233-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2292-277-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2292-259-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2344-189-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2344-46-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2364-229-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2364-209-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2560-207-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2560-227-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2648-225-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2824-216-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2872-268-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2916-192-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2916-212-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2972-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2972-203-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3276-198-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3276-214-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3408-208-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3408-228-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3412-202-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3412-184-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3676-267-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3676-246-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3680-231-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3812-199-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3812-181-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3852-183-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3960-161-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3960-193-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3972-194-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4020-222-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4020-201-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4060-190-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4060-210-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4412-223-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4452-213-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4452-195-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4908-215-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4984-230-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4984-211-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5128-217-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5156-265-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5240-224-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5240-235-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5256-236-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5264-238-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5276-239-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5288-240-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5296-242-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5304-244-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5312-245-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5320-247-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5328-234-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5328-248-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5336-251-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5344-255-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5344-237-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5352-258-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5360-263-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5360-243-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5368-260-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5376-262-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5376-241-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5432-270-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5488-271-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5972-252-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5972-272-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6016-273-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6016-256-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6152-257-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6152-275-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6232-279-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6232-261-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6388-264-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6420-266-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6556-269-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6624-276-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6632-278-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download