f09223bb61d35ccf4c6b151efc3dc4b231bdb168c2ed8f313da2fd912c3fb07c

Analysis

max time kernel
16s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Size

1.8MB
MD5

5b1fd8c278e3087d38c9a05b31cf0570
SHA1

617b1b6455c80ab8c62552cb8145d422687dd29d
SHA256

f09223bb61d35ccf4c6b151efc3dc4b231bdb168c2ed8f313da2fd912c3fb07c
SHA512

5b3cb34a5974f7feb916a3ad8166880a562135dd968efa08c7410e4300545d901155ba3379792881d0cb9323f25cc45f7e95d96b84332e4abfad482d3b654851
SSDEEP

49152:vodeeQbeRm+BtGMNDdReb8qvtpUAEKkZvRl7:vqQbeRnBaDMAE/xRl7

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4680-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x000b000000023b8e-5.dat	upx
behavioral2/memory/3172-31-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2920-157-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4592-158-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2024-180-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3104-187-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3136-192-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/980-193-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1304-194-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4680-196-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4948-195-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3976-199-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1676-198-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3172-197-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4592-200-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2024-202-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2648-206-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2468-205-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4828-204-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3692-203-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4680-201-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1664-209-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/552-208-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3104-207-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2244-211-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3136-210-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/980-212-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3660-213-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2368-215-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4224-218-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/732-219-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4948-217-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1088-216-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1304-214-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3816-220-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3296-224-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1880-223-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3976-222-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1676-221-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3140-225-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4600-227-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3692-226-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5144-229-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2648-228-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5220-231-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1664-230-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2244-235-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5464-247-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5424-243-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5472-242-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5360-238-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5348-237-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3660-236-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5456-246-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5448-245-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5432-244-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5440-241-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1088-239-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5408-240-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5716-253-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3816-254-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/732-252-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/6308-260-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\J:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\L:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\X:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\Z:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\E:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\I:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\O:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\P:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\Q:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\W:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\A:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\K:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\M:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\N:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\S:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\U:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\B:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\G:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\R:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\T:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\V:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File opened (read-only)	\??\Y:	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\nude cumshot big (Anniston).mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\african fucking big (Kathrin,Jenna).avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian porn public .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish lesbian hardcore masturbation ash boots .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\hardcore [free] (Curtney).avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\blowjob action big ash .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking hidden latex (Janette,Sarah).rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian hardcore catfight legs ash .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\british nude several models granny .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese gang bang sperm public fishy (Anniston).mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\british bukkake girls boobs castration .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beastiality full movie shower .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\black porn lesbian lesbian (Curtney,Sonja).mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\action horse catfight cock redhair (Melissa,Melissa).mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\german lesbian cum lesbian sweet .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Google\Temp\chinese beastiality sperm sleeping .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian beastiality [bangbus] glans girly .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\Temp\trambling several models vagina high heels .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish nude action hidden ejaculation .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\canadian hardcore hot (!) ash ejaculation .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish animal gang bang voyeur glans hairy (Curtney,Gina).rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx hardcore [bangbus] hole .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian handjob blowjob hot (!) .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\kicking action lesbian feet .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\danish lesbian gay uncut boobs (Christine).avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american fetish action voyeur hotel (Kathrin).zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\spanish porn voyeur balls .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\italian lingerie voyeur ash penetration (Sylvia,Sylvia).zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish horse uncut beautyfull (Jade).mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling [free] stockings .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\cumshot xxx big hole .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\norwegian trambling girls .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\german lesbian hidden .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\Downloaded Program Files\blowjob public feet circumcision .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\gay masturbation hole ejaculation .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\xxx hidden .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\gang bang xxx girls swallow .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\beastiality hidden latex .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\PLA\Templates\russian hardcore animal full movie .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\norwegian blowjob lingerie masturbation .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese blowjob horse hot (!) .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\brasilian blowjob hidden boobs granny .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\norwegian fucking fetish full movie .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\german fucking licking balls (Kathrin,Sarah).rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\cumshot beastiality masturbation nipples latex .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\danish gang bang cumshot [milf] hole (Samantha,Samantha).rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\asian xxx lesbian hot (!) gorgeoushorny (Britney,Sonja).mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\horse [milf] .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\japanese horse hardcore [free] legs mistress .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\trambling lesbian hidden (Christine).mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\italian hardcore [bangbus] .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\beast gang bang girls shower .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cum hidden gorgeoushorny .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\lesbian beast girls bondage .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\italian trambling kicking girls (Jade).rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\sperm animal [free] .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\handjob voyeur young .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\cum beastiality uncut sm .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\malaysia lesbian kicking hidden hole hairy (Sonja).rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\hardcore girls hole .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\chinese fucking hot (!) blondie .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\malaysia kicking nude hidden ash .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\german nude bukkake girls sweet .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\hardcore animal catfight feet beautyfull .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\brasilian xxx several models wifey .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\sperm horse voyeur shoes .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse action hot (!) cock .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\CbsTemp\italian fucking hardcore hidden feet circumcision .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\brasilian beastiality uncut cock traffic (Tatjana).avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\handjob uncut cock .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\mssrv.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\french cumshot licking .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\cum beast uncut .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\action beastiality sleeping nipples leather .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\norwegian porn masturbation vagina penetration .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\InputMethod\SHARED\black cum hardcore lesbian .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\black blowjob public fishy .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\kicking full movie granny .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\assembly\tmp\fucking trambling voyeur wifey .rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\tyrkish lesbian public legs wifey .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian beast cum [milf] legs redhair (Sandy).zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\beast catfight mature .avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\russian trambling girls glans hotel (Sylvia,Christine).avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\chinese kicking fetish hot (!) black hairunshaved (Samantha).avi.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\asian action kicking uncut ash wifey (Samantha).mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\french trambling fucking hot (!) (Britney,Sonja).rar.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\kicking beastiality voyeur .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\german cum uncut (Jenna,Gina).mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\fucking fucking voyeur high heels .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\canadian gang bang [free] wifey .zip.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\tyrkish action uncut hole (Ashley,Sonja).mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\kicking cumshot hidden mistress .mpeg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\brasilian porn [bangbus] ash (Samantha,Sandy).mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\lingerie licking titts pregnant .mpg.exe	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4828	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4828	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2468	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2468	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3104	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3104	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3136	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3136	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
980	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
980	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
1304	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
1304	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4948	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4948	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4224	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4224	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3976	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3976	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
1676	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
1676	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2468	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4828	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
2468	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
4828	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3140	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3140	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3104	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3104	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3692	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
3692	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 3172	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	87
PID 4680 wrote to memory of 3172	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	87
PID 4680 wrote to memory of 3172	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	87
PID 3172 wrote to memory of 2920	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	90
PID 3172 wrote to memory of 2920	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	90
PID 3172 wrote to memory of 2920	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	90
PID 4680 wrote to memory of 4592	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	91
PID 4680 wrote to memory of 4592	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	91
PID 4680 wrote to memory of 4592	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	91
PID 3172 wrote to memory of 2024	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	97
PID 3172 wrote to memory of 2024	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	97
PID 3172 wrote to memory of 2024	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	97
PID 2920 wrote to memory of 4828	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	98
PID 2920 wrote to memory of 4828	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	98
PID 2920 wrote to memory of 4828	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	98
PID 4680 wrote to memory of 2468	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	99
PID 4680 wrote to memory of 2468	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	99
PID 4680 wrote to memory of 2468	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	99
PID 4592 wrote to memory of 3104	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	100
PID 4592 wrote to memory of 3104	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	100
PID 4592 wrote to memory of 3104	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	100
PID 3172 wrote to memory of 3136	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	101
PID 3172 wrote to memory of 3136	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	101
PID 3172 wrote to memory of 3136	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	101
PID 2024 wrote to memory of 980	2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	102
PID 2024 wrote to memory of 980	2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	102
PID 2024 wrote to memory of 980	2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	102
PID 2920 wrote to memory of 1304	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	104
PID 2920 wrote to memory of 1304	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	104
PID 2920 wrote to memory of 1304	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	104
PID 4680 wrote to memory of 4948	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	105
PID 4680 wrote to memory of 4948	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	105
PID 4680 wrote to memory of 4948	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	105
PID 4592 wrote to memory of 4224	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	106
PID 4592 wrote to memory of 4224	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	106
PID 4592 wrote to memory of 4224	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	106
PID 2468 wrote to memory of 1676	2468	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	107
PID 2468 wrote to memory of 1676	2468	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	107
PID 2468 wrote to memory of 1676	2468	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	107
PID 4828 wrote to memory of 3976	4828	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	108
PID 4828 wrote to memory of 3976	4828	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	108
PID 4828 wrote to memory of 3976	4828	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	108
PID 3104 wrote to memory of 3140	3104	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	109
PID 3104 wrote to memory of 3140	3104	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	109
PID 3104 wrote to memory of 3140	3104	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	109
PID 2024 wrote to memory of 3692	2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	110
PID 2024 wrote to memory of 3692	2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	110
PID 2024 wrote to memory of 3692	2024	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	110
PID 3172 wrote to memory of 2648	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	111
PID 3172 wrote to memory of 2648	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	111
PID 3172 wrote to memory of 2648	3172	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	111
PID 2920 wrote to memory of 552	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	112
PID 2920 wrote to memory of 552	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	112
PID 2920 wrote to memory of 552	2920	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	112
PID 4680 wrote to memory of 1664	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	113
PID 4680 wrote to memory of 1664	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	113
PID 4680 wrote to memory of 1664	4680	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	113
PID 3136 wrote to memory of 2244	3136	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	114
PID 3136 wrote to memory of 2244	3136	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	114
PID 3136 wrote to memory of 2244	3136	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	114
PID 4592 wrote to memory of 3660	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	115
PID 4592 wrote to memory of 3660	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	115
PID 4592 wrote to memory of 3660	4592	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	115
PID 980 wrote to memory of 2368	980	5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe	116

C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3172
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        9⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        8⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        8⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16728
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12812
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:17040
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12828
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:15556
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16900
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16472
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12788
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16480
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:12820
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:17072
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12868
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:15796
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16772
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16764
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16252
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:12876
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:164
        
        C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        7⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12960
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:732
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12804
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16836
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:13000
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16916
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:12844
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16820
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:16592
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:8780
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:12976
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:15776
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:15976
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:11256
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:3500
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:16748
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  PID:5456
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:13016
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  PID:6840
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:12544
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:16892
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  PID:8960
- - C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
    3⤵
    PID:15968
- C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1fd8c278e3087d38c9a05b31cf0570_NEAS.exe"
  2⤵
  PID:12852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish nude action hidden ejaculation .mpg.exe

Filesize
1003KB

MD5
83a5167d9b57b956d3408c34388b654a

SHA1
d17acd3617fd94c8bed9c0bdd47c777452f55cd0

SHA256
73dfebbf9890747f31f518c749e031e18a8c09f40ef3735c403fba016f8068af

SHA512
f070c8ec997d6b9038846ab500c5ef3176b729d45c3bec7033869b1e7d920fc5922a814eae3aa8dc1bb3b54e833dbdf9bfc67869f9b4ee6138a58f2ed88b5913

Download Submit
memory/552-208-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/732-252-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/732-219-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/980-193-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/980-212-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1088-216-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1088-239-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1304-214-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1304-194-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1632-261-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1664-230-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1664-209-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1676-198-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1676-221-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1880-223-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2024-202-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2024-180-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2244-211-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2244-235-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2368-215-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2468-205-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2648-206-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2648-228-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2920-157-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3104-207-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3104-187-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3136-210-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3136-192-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3140-225-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3172-197-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3172-31-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3296-255-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3296-224-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3660-236-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3660-213-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3692-226-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3692-203-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3816-254-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3816-220-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3976-199-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3976-222-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4224-218-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4592-200-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4592-158-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4600-263-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4600-227-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-196-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-307-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-456-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-201-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4828-204-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4948-195-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4948-217-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5144-229-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5144-265-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5220-269-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5220-231-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5348-274-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5348-237-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5360-275-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5360-238-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5372-276-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5384-277-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5392-291-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5400-278-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5408-240-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5408-288-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5416-292-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5424-293-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5424-243-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5432-244-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5432-294-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5440-241-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5440-289-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5448-245-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5448-296-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5456-246-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5464-247-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5472-242-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5472-290-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5524-295-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5716-253-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6244-257-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6252-256-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6272-258-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6280-259-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6308-260-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6356-262-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6452-264-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6656-266-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6668-270-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6732-279-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6772-280-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6788-281-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6812-282-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6840-283-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6844-284-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6856-285-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download