498239d67c60b4053381903eb7eb941a84d31d6e310b45b7959a02acb526dc34

Analysis

max time kernel
148s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Size

1.6MB
MD5

dd9eaf17ea8767a6c8e1b2914da16f90
SHA1

f6b5a71a6d8130b098949107564cb71d9b43831a
SHA256

498239d67c60b4053381903eb7eb941a84d31d6e310b45b7959a02acb526dc34
SHA512

d780fa4d12f7536288c14d9f1ef2e5298190ce342cbfb2c4e73cc1c79618db3e57dfe6b02e5d2cd0a5e0d0667dfc96d742cab21c5fafae785714e9679cd86522
SSDEEP

49152:NdbKW1+YmHy6iwQbj3ftsgQJd3LpmpinQFssK0EqvCGpj:NdbrrgiVbjf65jLp3oRwkj

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2456-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x000300000002297f-5.dat	upx
behavioral2/memory/2872-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4608-158-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/212-157-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2332-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/552-178-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1052-177-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1976-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/740-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1592-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2456-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2588-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3580-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2192-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2872-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/212-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1052-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4608-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/552-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2352-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1132-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1400-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/664-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2332-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1836-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3232-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1976-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4500-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1952-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4304-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/740-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5200-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2588-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2192-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5208-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1592-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5340-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/664-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1132-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5448-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5436-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5420-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5472-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1836-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3232-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4500-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1952-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5488-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5480-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5208-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5200-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5340-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5528-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5544-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5420-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5552-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5860-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5708-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6256-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5436-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6352-250-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6396-249-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6388-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\R:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\T:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\Z:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\E:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\G:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\H:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\K:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\Y:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\B:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\J:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\N:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\W:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\X:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\I:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\M:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\P:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\V:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\U:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\A:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\O:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\Q:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File opened (read-only)	\??\S:	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\french gang bang action masturbation shoes .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian lesbian gay hot (!) young .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish action girls glans swallow .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\norwegian nude xxx hot (!) cock (Janette,Ashley).avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american lingerie lesbian masturbation .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\american cumshot xxx [milf] ash (Samantha).mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian beast porn [free] 40+ .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\asian trambling girls ash .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\porn animal big sm .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie gang bang catfight ash .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\handjob [milf] ash 50+ (Sylvia).avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia porn licking .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\norwegian fucking voyeur boobs .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beastiality gang bang several models stockings .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\porn voyeur (Sonja,Jade).avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\handjob [bangbus] .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\german handjob several models black hairunshaved .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\bukkake [bangbus] castration .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Google\Temp\action horse full movie vagina bondage .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese porn uncut gorgeoushorny .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\dotnet\shared\beast horse several models vagina (Christine,Sonja).mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Google\Update\Download\german animal girls glans (Jade,Christine).rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish fetish [free] .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\action uncut penetration (Sonja).rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Templates\spanish animal [milf] gorgeoushorny .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\african xxx hardcore licking .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob licking .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian bukkake [free] vagina balls .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\action [milf] titts mistress .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gang bang [milf] 50+ (Gina,Sarah).mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\african bukkake fucking catfight granny (Britney).mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\british fetish handjob full movie black hairunshaved .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\lesbian [bangbus] granny (Melissa,Sonja).mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\handjob lingerie licking .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\trambling gang bang voyeur .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\xxx public boots .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\russian gang bang catfight nipples (Liz).zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\porn several models (Christine).avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\horse public ash .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\brasilian kicking public glans (Gina,Sandy).mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\CbsTemp\xxx [free] nipples upskirt .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\hardcore bukkake girls glans .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\chinese horse several models .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish hardcore porn hidden .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\gang bang xxx lesbian hole beautyfull .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\chinese xxx sleeping cock upskirt .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\fetish bukkake several models .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\cum nude [free] shoes .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\russian bukkake fetish [bangbus] .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\tyrkish fucking sleeping (Melissa).mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\tyrkish cum beastiality uncut .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\horse masturbation hole hotel .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\american fucking girls .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\norwegian beast hot (!) beautyfull .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\tyrkish horse xxx full movie .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\italian gang bang cum [milf] nipples wifey .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\security\templates\american nude [free] .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\italian hardcore beastiality sleeping glans swallow .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\danish xxx hot (!) vagina (Gina,Sonja).rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\assembly\tmp\xxx full movie hole mature .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse sleeping latex .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\beast [bangbus] blondie .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cumshot gang bang lesbian shoes .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\spanish kicking trambling sleeping leather .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\lesbian trambling hidden glans mature .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\american fetish beast full movie 50+ .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse public castration .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\horse gay sleeping .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\black beastiality big ash .mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\bukkake fucking sleeping latex (Jenna,Sonja).mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\chinese hardcore masturbation legs .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\spanish fetish action hot (!) .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lingerie horse lesbian boobs .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\african action several models circumcision (Ashley).rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hardcore gay full movie shoes .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\beastiality masturbation titts beautyfull .avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\malaysia gay sleeping .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\indian sperm beast hot (!) circumcision .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\tyrkish fetish girls lady (Kathrin,Sandy).mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\american blowjob hot (!) lady (Jenna).avi.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\xxx xxx licking boobs granny (Sarah).mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\french porn porn big black hairunshaved (Christine,Melissa).mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\chinese gay public girly .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\lesbian kicking big ash (Sandy,Christine).rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\blowjob nude girls 50+ .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\swedish horse beastiality hot (!) nipples redhair (Sandy).rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\swedish handjob action lesbian .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\nude full movie nipples mature .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\xxx sperm [milf] .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\animal public vagina .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\chinese animal sleeping nipples beautyfull .rar.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\german beastiality masturbation .mpg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\Downloaded Program Files\blowjob horse licking nipples (Britney).mpeg.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
File created	C:\Windows\InputMethod\SHARED\lesbian voyeur .zip.exe	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
552	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
552	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1400	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1400	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1976	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1976	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4304	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4304	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
740	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
740	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1592	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1592	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
3580	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
3580	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2192	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2192	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2588	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2588	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
552	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
552	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2172	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
2172	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1400	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
1400	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4324	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
4324	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2872	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	88
PID 2456 wrote to memory of 2872	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	88
PID 2456 wrote to memory of 2872	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	88
PID 2872 wrote to memory of 212	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	94
PID 2872 wrote to memory of 212	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	94
PID 2872 wrote to memory of 212	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	94
PID 2456 wrote to memory of 4608	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	95
PID 2456 wrote to memory of 4608	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	95
PID 2456 wrote to memory of 4608	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	95
PID 212 wrote to memory of 1052	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	97
PID 212 wrote to memory of 1052	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	97
PID 212 wrote to memory of 1052	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	97
PID 2872 wrote to memory of 552	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	98
PID 2872 wrote to memory of 552	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	98
PID 2872 wrote to memory of 552	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	98
PID 2456 wrote to memory of 2332	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	99
PID 2456 wrote to memory of 2332	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	99
PID 2456 wrote to memory of 2332	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	99
PID 4608 wrote to memory of 1400	4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	100
PID 4608 wrote to memory of 1400	4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	100
PID 4608 wrote to memory of 1400	4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	100
PID 212 wrote to memory of 1976	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	102
PID 212 wrote to memory of 1976	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	102
PID 212 wrote to memory of 1976	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	102
PID 1052 wrote to memory of 4304	1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	103
PID 1052 wrote to memory of 4304	1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	103
PID 1052 wrote to memory of 4304	1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	103
PID 2872 wrote to memory of 740	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	104
PID 2872 wrote to memory of 740	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	104
PID 2872 wrote to memory of 740	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	104
PID 2456 wrote to memory of 1592	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	105
PID 2456 wrote to memory of 1592	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	105
PID 2456 wrote to memory of 1592	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	105
PID 4608 wrote to memory of 3580	4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	106
PID 4608 wrote to memory of 3580	4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	106
PID 4608 wrote to memory of 3580	4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	106
PID 552 wrote to memory of 2588	552	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	108
PID 552 wrote to memory of 2588	552	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	108
PID 552 wrote to memory of 2588	552	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	108
PID 2332 wrote to memory of 2192	2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	107
PID 2332 wrote to memory of 2192	2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	107
PID 2332 wrote to memory of 2192	2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	107
PID 1400 wrote to memory of 2172	1400	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	109
PID 1400 wrote to memory of 2172	1400	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	109
PID 1400 wrote to memory of 2172	1400	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	109
PID 212 wrote to memory of 4324	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	112
PID 212 wrote to memory of 4324	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	112
PID 212 wrote to memory of 4324	212	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	112
PID 1052 wrote to memory of 2352	1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	113
PID 1052 wrote to memory of 2352	1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	113
PID 1052 wrote to memory of 2352	1052	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	113
PID 2872 wrote to memory of 664	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	114
PID 2872 wrote to memory of 664	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	114
PID 2872 wrote to memory of 664	2872	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	114
PID 2456 wrote to memory of 4500	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	115
PID 2456 wrote to memory of 4500	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	115
PID 2456 wrote to memory of 4500	2456	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	115
PID 1976 wrote to memory of 1132	1976	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	116
PID 1976 wrote to memory of 1132	1976	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	116
PID 1976 wrote to memory of 1132	1976	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	116
PID 2332 wrote to memory of 1836	2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	117
PID 2332 wrote to memory of 1836	2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	117
PID 2332 wrote to memory of 1836	2332	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	117
PID 4608 wrote to memory of 1952	4608	dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe	118

C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:212
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        8⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:20124
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        8⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:18496
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:21856
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:19536
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:20660
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:19104
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:21048
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:21412
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:18636
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:21420
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:18888
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:19112
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:21644
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        8⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:21628
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:21604
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:21380
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:18816
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:21612
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:17652
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:740
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:20972
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:20652
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:19508
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:664
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:21432
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:8364
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:17452
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:10208
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:14524
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:21056
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4608
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        7⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:21340
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:21636
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:21864
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:17660
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:19544
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12348
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:20356
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:19528
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:20116
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:18976
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:21880
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:17476
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:18204
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:116
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:20628
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:10332
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:13600
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:20620
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:19696
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:19092
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:21256
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:20720
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:19500
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:19556
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:21872
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:17500
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:20108
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:20344
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:18320
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:5332
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:10348
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:14108
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:20712
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:17468
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:21372
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
        5⤵
        
        PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:21104
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:18628
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:17676
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:15304
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:11904
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:18504
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  PID:4500
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:18832
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:14248
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:13192
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:18992
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  PID:5504
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
      4⤵
      PID:9972
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:13648
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:20644
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  PID:6628
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
    3⤵
    PID:18760
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  PID:10308
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  PID:14884
- C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\dd9eaf17ea8767a6c8e1b2914da16f90_NEAS.exe"
  2⤵
  PID:7832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\handjob [bangbus] .mpeg.exe

Filesize
1.1MB

MD5
c6b711e2031b06793fe484c3b04d92bd

SHA1
7f4dddbed8ea0f83925ee79d6dcdab2bf8c883d9

SHA256
5f776d40da577312cf54c1135e37368a2b6556f097200a5760e0dd7ebb4f7e3a

SHA512
17877f8fb556b962d0e1b519f009b044d0d45da32166568153c6d92aa39fdd13cda4b9e505f9feef0af661b392130ef2ccfa479b27824a206c22a3a074873a90

Download Submit
memory/212-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/212-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/552-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/552-178-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/664-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/664-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/740-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/740-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/920-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1052-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1052-177-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1132-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1132-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1400-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1592-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1592-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1836-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1836-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1952-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1952-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1976-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1976-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2192-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2192-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2332-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2332-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2352-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2456-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2456-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2588-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2588-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2872-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2872-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3232-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3232-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3580-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4212-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4304-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4500-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4500-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4576-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4608-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4608-158-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5200-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5200-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5208-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5208-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5340-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5340-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5420-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5420-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5436-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5436-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5448-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5472-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5472-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5480-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5488-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5488-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5528-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5536-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5544-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5552-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5552-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5708-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5860-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5860-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6256-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6352-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6352-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6368-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6380-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6380-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6388-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6396-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6396-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6420-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6520-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6520-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6528-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6536-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6544-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6576-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6620-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6628-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6712-288-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7008-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7028-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7036-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7116-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7176-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7184-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7192-291-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7200-292-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7208-293-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7272-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download