2e1198c32f4cf6d18347c5bda3e049201e9937f576ac780739614e412d11e0c9

Analysis

max time kernel
68s
max time network
16s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
28-10-2023 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1425724b45203d95979b37b9fef11b90.exe
Size

3.0MB
MD5

1425724b45203d95979b37b9fef11b90
SHA1

d538e31271c500d0384d05bc0263bf1472d1907a
SHA256

2e1198c32f4cf6d18347c5bda3e049201e9937f576ac780739614e412d11e0c9
SHA512

d5fb0783c8cfeaea393dcad743825215995edba9a3d911f09deb43795cb924c77fe4edf055d3cd9ee4581c97947f42f20029229f1b44bf221b611b9d41194ade
SSDEEP

49152:j495UciMmq/NhjX5p3JOCdLAweZnE5c965nqqIP2ItdQ:jk5LhzACdLAlnE5co5nqqIP2ItdQ

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2624	NEAS.1425724b45203d95979b37b9fef11b907.exe
2540	NEAS.1425724b45203d95979b37b9fef11b907.exe
1788	NEAS.1425724b45203d95979b37b9fef11b907.exe
1632	NEAS.1425724b45203d95979b37b9fef11b902.exe
1536	NEAS.1425724b45203d95979b37b9fef11b902.exe
2096	NEAS.1425724b45203d95979b37b9fef11b907.exe
2316	NEAS.1425724b45203d95979b37b9fef11b902.exe
2052	NEAS.1425724b45203d95979b37b9fef11b907.exe
1748	NEAS.1425724b45203d95979b37b9fef11b903.exe
676	NEAS.1425724b45203d95979b37b9fef11b903.exe
2716	NEAS.1425724b45203d95979b37b9fef11b907.exe
688	NEAS.1425724b45203d95979b37b9fef11b907.exe
2024	NEAS.1425724b45203d95979b37b9fef11b901.exe
2532	NEAS.1425724b45203d95979b37b9fef11b901.exe
2940	NEAS.1425724b45203d95979b37b9fef11b907.exe
2924	NEAS.1425724b45203d95979b37b9fef11b907.exe
2836	NEAS.1425724b45203d95979b37b9fef11b907.exe
1548	NEAS.1425724b45203d95979b37b9fef11b907.exe
1780	NEAS.1425724b45203d95979b37b9fef11b907.exe
2300	NEAS.1425724b45203d95979b37b9fef11b907.exe
2508	NEAS.1425724b45203d95979b37b9fef11b907.exe
768	NEAS.1425724b45203d95979b37b9fef11b907.exe
1652	NEAS.1425724b45203d95979b37b9fef11b902.exe
2500	NEAS.1425724b45203d95979b37b9fef11b907.exe
2888	NEAS.1425724b45203d95979b37b9fef11b907.exe
2408	NEAS.1425724b45203d95979b37b9fef11b907.exe
2996	NEAS.1425724b45203d95979b37b9fef11b902.exe
1440	NEAS.1425724b45203d95979b37b9fef11b907.exe
2720	NEAS.1425724b45203d95979b37b9fef11b907.exe
1356	NEAS.1425724b45203d95979b37b9fef11b903.exe
2056	NEAS.1425724b45203d95979b37b9fef11b907.exe
1316	NEAS.1425724b45203d95979b37b9fef11b902.exe
2708	NEAS.1425724b45203d95979b37b9fef11b907.exe
308	cmd.exe
1048	NEAS.1425724b45203d95979b37b9fef11b907.exe
436	NEAS.1425724b45203d95979b37b9fef11b907.exe
2572	NEAS.1425724b45203d95979b37b9fef11b907.exe
2700	NEAS.1425724b45203d95979b37b9fef11b902.exe
1588	NEAS.1425724b45203d95979b37b9fef11b907.exe
2604	NEAS.1425724b45203d95979b37b9fef11b902.exe
3092	NEAS.1425724b45203d95979b37b9fef11b907.exe
3100	NEAS.1425724b45203d95979b37b9fef11b907.exe
3124	NEAS.1425724b45203d95979b37b9fef11b902.exe
3200	NEAS.1425724b45203d95979b37b9fef11b907.exe
3276	NEAS.1425724b45203d95979b37b9fef11b907.exe
3268	NEAS.1425724b45203d95979b37b9fef11b907.exe
3300	NEAS.1425724b45203d95979b37b9fef11b902.exe
3372	NEAS.1425724b45203d95979b37b9fef11b907.exe
3432	NEAS.1425724b45203d95979b37b9fef11b907.exe
3452	NEAS.1425724b45203d95979b37b9fef11b907.exe
3484	NEAS.1425724b45203d95979b37b9fef11b902.exe
3556	NEAS.1425724b45203d95979b37b9fef11b907.exe
3608	NEAS.1425724b45203d95979b37b9fef11b907.exe
3620	NEAS.1425724b45203d95979b37b9fef11b907.exe
3656	NEAS.1425724b45203d95979b37b9fef11b902.exe
3780	NEAS.1425724b45203d95979b37b9fef11b907.exe
3816	NEAS.1425724b45203d95979b37b9fef11b900.exe
3900	NEAS.1425724b45203d95979b37b9fef11b907.exe
3912	NEAS.1425724b45203d95979b37b9fef11b907.exe
3992	NEAS.1425724b45203d95979b37b9fef11b902.exe
3084	NEAS.1425724b45203d95979b37b9fef11b903.exe
3260	NEAS.1425724b45203d95979b37b9fef11b907.exe
3420	NEAS.1425724b45203d95979b37b9fef11b902.exe
3464	NEAS.1425724b45203d95979b37b9fef11b907.exe

Loads dropped DLL 64 IoCs

pid	Process
2616	cmd.exe
2616	cmd.exe
2604	cmd.exe
2604	cmd.exe
2216	Process not Found
2972	cmd.exe
2972	cmd.exe
2992	cmd.exe
2924	NEAS.1425724b45203d95979b37b9fef11b907.exe
2992	cmd.exe
2924	NEAS.1425724b45203d95979b37b9fef11b907.exe
608	cmd.exe
664	Process not Found
608	cmd.exe
2460	Process not Found
2860	Process not Found
820	conhost.exe
820	conhost.exe
1404	Process not Found
3032	conhost.exe
3032	conhost.exe
3044	cmd.exe
1492	conhost.exe
1492	conhost.exe
3044	cmd.exe
864	Process not Found
1000	conhost.exe
1000	conhost.exe
2296	Process not Found
560	Process not Found
2628	cmd.exe
2084	Process not Found
2628	cmd.exe
1260	Process not Found
2588	Process not Found
2408	NEAS.1425724b45203d95979b37b9fef11b907.exe
2616	cmd.exe
2408	NEAS.1425724b45203d95979b37b9fef11b907.exe
2616	cmd.exe
2088	cmd.exe
2088	cmd.exe
2984	Process not Found
1440	NEAS.1425724b45203d95979b37b9fef11b907.exe
1440	NEAS.1425724b45203d95979b37b9fef11b907.exe
2248	Process not Found
2796	Process not Found
1956	Process not Found
1220	conhost.exe
1220	conhost.exe
1944	conhost.exe
2636	cmd.exe
2636	cmd.exe
3040	Process not Found
1356	NEAS.1425724b45203d95979b37b9fef11b903.exe
1356	NEAS.1425724b45203d95979b37b9fef11b903.exe
1384	Process not Found
832	cmd.exe
2328	conhost.exe
832	cmd.exe
2328	conhost.exe
2420	cmd.exe
600	Process not Found
2420	cmd.exe
1740	conhost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Windows\CurrentVersion\Run\36283 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.1425724b45203d95979b37b9fef11b903.exe"	NEAS.1425724b45203d95979b37b9fef11b903.exe

Kills process with taskkill 59 IoCs

evasion

pid	Process
13572	Process not Found
5892	taskkill.exe
7072	taskkill.exe
11424	Process not Found
5916	taskkill.exe
5764	taskkill.exe
6992	taskkill.exe
6232	taskkill.exe
5880	taskkill.exe
7084	taskkill.exe
948	Process not Found
5348	taskkill.exe
5752	taskkill.exe
1924	taskkill.exe
7020	taskkill.exe
12664	Process not Found
12680	Process not Found
13452	Process not Found
5200	taskkill.exe
7000	taskkill.exe
6228	taskkill.exe
6920	taskkill.exe
12688	Process not Found
1544	taskkill.exe
7008	taskkill.exe
10616	Process not Found
1904	taskkill.exe
5332	taskkill.exe
5252	taskkill.exe
7036	taskkill.exe
6960	taskkill.exe
5832	taskkill.exe
7116	taskkill.exe
5372	taskkill.exe
6904	taskkill.exe
7040	taskkill.exe
7032	taskkill.exe
7024	taskkill.exe
13284	Process not Found
12400	Process not Found
13580	Process not Found
5180	taskkill.exe
5208	taskkill.exe
5640	taskkill.exe
13028	Process not Found
6912	taskkill.exe
6968	taskkill.exe
6000	taskkill.exe
5324	taskkill.exe
10592	Process not Found
11520	Process not Found
1836	taskkill.exe
5860	taskkill.exe
3188	Process not Found
12392	Process not Found
12620	Process not Found
5312	taskkill.exe
5928	taskkill.exe
11528	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeAssignPrimaryTokenPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeLockMemoryPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeIncreaseQuotaPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeMachineAccountPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeTcbPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSecurityPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeTakeOwnershipPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeLoadDriverPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSystemProfilePrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSystemtimePrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeProfSingleProcessPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeIncBasePriorityPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreatePagefilePrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreatePermanentPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeBackupPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeRestorePrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeShutdownPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeDebugPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeAuditPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSystemEnvironmentPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeChangeNotifyPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeRemoteShutdownPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeUndockPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSyncAgentPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeEnableDelegationPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeManageVolumePrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeImpersonatePrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreateGlobalPrivilege	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: 31	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: 32	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: 33	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: 34	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: 35	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreateTokenPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeAssignPrimaryTokenPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeLockMemoryPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeIncreaseQuotaPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeMachineAccountPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeTcbPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSecurityPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeTakeOwnershipPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeLoadDriverPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSystemProfilePrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreateTokenPrivilege	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSystemtimePrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeAssignPrimaryTokenPrivilege	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeProfSingleProcessPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeIncBasePriorityPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreatePagefilePrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreatePermanentPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeBackupPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeRestorePrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeLockMemoryPrivilege	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeShutdownPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeIncreaseQuotaPrivilege	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeDebugPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeAuditPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeSystemEnvironmentPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeChangeNotifyPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeCreateTokenPrivilege	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeRemoteShutdownPrivilege	2672	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeAssignPrimaryTokenPrivilege	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe
Token: SeLockMemoryPrivilege	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2656	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	28
PID 1688 wrote to memory of 2656	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	28
PID 1688 wrote to memory of 2656	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	28
PID 2656 wrote to memory of 2388	2656	cmd.exe	29
PID 2656 wrote to memory of 2388	2656	cmd.exe	29
PID 2656 wrote to memory of 2388	2656	cmd.exe	29
PID 1688 wrote to memory of 2276	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	30
PID 1688 wrote to memory of 2276	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	30
PID 1688 wrote to memory of 2276	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	30
PID 2276 wrote to memory of 2672	2276	cmd.exe	34
PID 2276 wrote to memory of 2672	2276	cmd.exe	34
PID 2276 wrote to memory of 2672	2276	cmd.exe	34
PID 1688 wrote to memory of 2708	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	33
PID 1688 wrote to memory of 2708	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	33
PID 1688 wrote to memory of 2708	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	33
PID 2708 wrote to memory of 2792	2708	cmd.exe	35
PID 2708 wrote to memory of 2792	2708	cmd.exe	35
PID 2708 wrote to memory of 2792	2708	cmd.exe	35
PID 1688 wrote to memory of 2776	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	36
PID 1688 wrote to memory of 2776	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	36
PID 1688 wrote to memory of 2776	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	36
PID 2776 wrote to memory of 2668	2776	cmd.exe	38
PID 2776 wrote to memory of 2668	2776	cmd.exe	38
PID 2776 wrote to memory of 2668	2776	cmd.exe	38
PID 1688 wrote to memory of 2760	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	40
PID 1688 wrote to memory of 2760	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	40
PID 1688 wrote to memory of 2760	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	40
PID 2760 wrote to memory of 2696	2760	cmd.exe	41
PID 2760 wrote to memory of 2696	2760	cmd.exe	41
PID 2760 wrote to memory of 2696	2760	cmd.exe	41
PID 1688 wrote to memory of 2244	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	48
PID 1688 wrote to memory of 2244	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	48
PID 1688 wrote to memory of 2244	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	48
PID 2792 wrote to memory of 2724	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe	42
PID 2792 wrote to memory of 2724	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe	42
PID 2792 wrote to memory of 2724	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe	42
PID 2388 wrote to memory of 2736	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe	46
PID 2388 wrote to memory of 2736	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe	46
PID 2388 wrote to memory of 2736	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe	46
PID 2244 wrote to memory of 2904	2244	cmd.exe	47
PID 2244 wrote to memory of 2904	2244	cmd.exe	47
PID 2244 wrote to memory of 2904	2244	cmd.exe	47
PID 1688 wrote to memory of 2584	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	43
PID 1688 wrote to memory of 2584	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	43
PID 1688 wrote to memory of 2584	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	43
PID 2792 wrote to memory of 2616	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe	231
PID 2792 wrote to memory of 2616	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe	231
PID 2792 wrote to memory of 2616	2792	NEAS.1425724b45203d95979b37b9fef11b90.exe	231
PID 2584 wrote to memory of 2676	2584	cmd.exe	276
PID 2584 wrote to memory of 2676	2584	cmd.exe	276
PID 2584 wrote to memory of 2676	2584	cmd.exe	276
PID 1688 wrote to memory of 2580	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	172
PID 1688 wrote to memory of 2580	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	172
PID 1688 wrote to memory of 2580	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	172
PID 2388 wrote to memory of 2604	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe	233
PID 2388 wrote to memory of 2604	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe	233
PID 2388 wrote to memory of 2604	2388	NEAS.1425724b45203d95979b37b9fef11b90.exe	233
PID 2580 wrote to memory of 2612	2580	cmd.exe	51
PID 2580 wrote to memory of 2612	2580	cmd.exe	51
PID 2580 wrote to memory of 2612	2580	cmd.exe	51
PID 1688 wrote to memory of 2684	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	280
PID 1688 wrote to memory of 2684	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	280
PID 1688 wrote to memory of 2684	1688	NEAS.1425724b45203d95979b37b9fef11b90.exe	280
PID 2616 wrote to memory of 2624	2616	cmd.exe	57

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+723934.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
      4⤵
      PID:2736
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:2540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:2328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        Loads dropped DLL
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:2720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+620275.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        8⤵
        
        PID:5704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        9⤵
        
        PID:7068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+016971.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe
        8⤵
        
        PID:5556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe 1698519884
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe 1698519884
        9⤵
        
        PID:8768
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
        7⤵
        
        PID:1476
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:2508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+931546.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        8⤵
        
        PID:5264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        9⤵
        
        PID:6696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+19118.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        8⤵
        
        PID:7720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        9⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+931023.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        8⤵
        
        PID:5680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        9⤵
        
        PID:5392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+620898.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        8⤵
        
        PID:5152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        9⤵
        
        PID:9064
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:1048
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3092
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+29003.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        8⤵
        
        PID:5504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        9⤵
        
        PID:5708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+124825.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        8⤵
        
        PID:4584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        9⤵
        
        PID:1000
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3432
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:5392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:5988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+528751.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:5992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:8396
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3900
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+930500.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        8⤵
        
        PID:6872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        9⤵
        
        PID:5884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+232678.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        8⤵
        
        PID:8688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        9⤵
        
        PID:8976
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:4200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:4768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:6868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:5316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        8⤵
        
        PID:8920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        9⤵
        
        PID:9096
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:2340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4508
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5252
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:3664
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killwindows 1698519884
        6⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killwindows 1698519884
        7⤵
        
        PID:9104
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /KillHardDisk 1698519884
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /KillHardDisk 1698519884
        7⤵
        
        PID:1564
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killMBR 1698519884
        6⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killMBR 1698519884
        7⤵
        
        PID:10032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:1068
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:10116
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:3100
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+246.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
      4⤵
      PID:576
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
      4⤵
      Loads dropped DLL
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:1632
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:2700
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:300
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:2244
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:1740
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+29003.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        8⤵
        
        PID:6116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        8⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        9⤵
        
        PID:5252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+124825.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        8⤵
        
        PID:8396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        9⤵
        
        PID:8212
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3300
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+519752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        8⤵
        
        PID:5440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        9⤵
        
        PID:6548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+528751.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        8⤵
        
        PID:8864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        9⤵
        
        PID:768
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3656
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+28481.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        8⤵
        
        PID:6520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        9⤵
        
        PID:8148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+73837.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe
        8⤵
        
        PID:8316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe 1698519884
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe 1698519884
        9⤵
        
        PID:8256
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        
        PID:4060
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:4332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        8⤵
        
        PID:1244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        9⤵
        
        PID:5844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        8⤵
        
        PID:8880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        9⤵
        
        PID:9552
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        
        PID:4980
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:3188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+829977.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe
        8⤵
        
        PID:6896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe 1698519884
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe 1698519884
        9⤵
        
        PID:1244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+811690.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe
        8⤵
        
        PID:9024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe 1698519884
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9028.exe 1698519884
        9⤵
        
        PID:9536
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        
        PID:4836
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4616
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5372
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        7⤵
        
        PID:8204
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killwindows 1698519884
        6⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killwindows 1698519884
        7⤵
        
        PID:8160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /KillHardDisk 1698519884
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /KillHardDisk 1698519884
        7⤵
        
        PID:9344
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killMBR 1698519884
        6⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killMBR 1698519884
        7⤵
        
        PID:8072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:8952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        7⤵
        
        PID:3796
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:4408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:9504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+723934.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
      4⤵
      PID:2724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:2624
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        Loads dropped DLL
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:2096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+0346.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe
        8⤵
        
        PID:3688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe 1698519884
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe 1698519884
        9⤵
        
        PID:3844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6256
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:5832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+36545.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe
        8⤵
        
        PID:3852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe 1698519884
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe 1698519884
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6332
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:6904
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+621843.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        8⤵
        
        PID:3604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        9⤵
        
        PID:4652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6504
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:6000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+414399.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe
        8⤵
        
        PID:4840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe 1698519884
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe 1698519884
        9⤵
        
        PID:7088
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        Loads dropped DLL
        
        PID:2088
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:2628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:1440
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:1220
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:1356
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:2572
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:1928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        Loads dropped DLL
        
        PID:2604
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:2132
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        Loads dropped DLL
        
        PID:832
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        Loads dropped DLL
        
        PID:2636
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+29003.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        8⤵
        
        PID:5736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        8⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        9⤵
        
        PID:7324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+124825.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        8⤵
        
        PID:6216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        9⤵
        
        PID:9028
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3268
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:5660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:5796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+528751.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:8244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3620
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:2808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:5696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+528751.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:8700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:9336
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:3528
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:4264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:1380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:5404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        8⤵
        
        PID:9048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        9⤵
        
        PID:8288
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:4884
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:4232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+27958.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        8⤵
        
        PID:7152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        9⤵
        
        PID:6220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+215617.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        8⤵
        
        PID:8952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        9⤵
        
        PID:7384
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:3664
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4416
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5324
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:4528
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killwindows 1698519884
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killwindows 1698519884
        7⤵
        
        PID:9160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /KillHardDisk 1698519884
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /KillHardDisk 1698519884
        7⤵
        
        PID:8752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killMBR 1698519884
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killMBR 1698519884
        7⤵
        
        PID:9708
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:9688
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:8216
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:4760
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:5180
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killwindows 1698519884
        6⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:2024
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
        6⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
        7⤵
        
        PID:4536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9015.exe
        8⤵
        
        PID:1852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9015.exe 1698519884
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9015.exe 1698519884
        9⤵
        
        PID:7420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9011.exe
        8⤵
        
        PID:9080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9011.exe 1698519884
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9011.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9011.exe 1698519884
        9⤵
        
        PID:10216
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /save 1698519884
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /save 1698519884
        7⤵
        
        PID:3440
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
        7⤵
        
        PID:4764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe+27958.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe
        8⤵
        
        PID:7108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe 1698519884
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe 1698519884
        9⤵
        
        PID:6872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe+215617.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe
        8⤵
        
        PID:8800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe 1698519884
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9012.exe 1698519884
        9⤵
        
        PID:9492
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /save 1698519884
        6⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /save 1698519884
        7⤵
        
        PID:3836
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5168
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5764
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
        7⤵
        
        PID:5424
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killwindows 1698519884
        6⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killwindows 1698519884
        7⤵
        
        PID:9112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /KillHardDisk 1698519884
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /KillHardDisk 1698519884
        7⤵
        
        PID:752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killMBR 1698519884
        6⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killMBR 1698519884
        7⤵
        
        PID:9836
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
        6⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
        7⤵
        
        PID:3228
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
        7⤵
        
        PID:3020
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:10148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
        6⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
        7⤵
        
        PID:9728
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killwindows 1698519884
        6⤵
        
        PID:3496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+246.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
      4⤵
      PID:436
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:1536
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:3636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+28481.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        8⤵
        
        PID:2252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        9⤵
        
        PID:6888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+73837.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe
        8⤵
        
        PID:6120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe 1698519884
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe 1698519884
        9⤵
        
        PID:2124
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        
        PID:4316
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:4864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        8⤵
        
        PID:1372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        9⤵
        
        PID:1372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        8⤵
        
        PID:8140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        8⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        9⤵
        
        PID:8872
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        
        PID:4476
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4736
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5312
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        7⤵
        
        PID:6792
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killwindows 1698519884
        6⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killwindows 1698519884
        7⤵
        
        PID:7096
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /KillHardDisk 1698519884
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /KillHardDisk 1698519884
        7⤵
        
        PID:8996
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killMBR 1698519884
        6⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killMBR 1698519884
        7⤵
        
        PID:10200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:5136
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        7⤵
        
        PID:4672
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:2728
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:1816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:2668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:2696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+723934.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
      4⤵
      PID:296
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
      4⤵
      Loads dropped DLL
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:1788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        Loads dropped DLL
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+620797.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        8⤵
        
        PID:5244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        9⤵
        
        PID:6852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+45191.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe
        8⤵
        
        PID:8028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe 1698519884
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe 1698519884
        9⤵
        
        PID:8176
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:2888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:2632
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        Executes dropped EXE
        
        PID:308
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+29003.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        8⤵
        
        PID:5224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        8⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        9⤵
        
        PID:2928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+124825.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        8⤵
        
        PID:7332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        9⤵
        
        PID:7512
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:5572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:4160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+528751.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:7724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:8928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3556
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:5592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:5752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+528751.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:5096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:3024
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3260
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:4208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        8⤵
        
        PID:3664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
        9⤵
        
        PID:5820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        8⤵
        
        PID:8840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9071.exe 1698519884
        9⤵
        
        PID:9312
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:4776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:4692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+829977.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe
        8⤵
        
        PID:7120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe 1698519884
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe 1698519884
        9⤵
        
        PID:8296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+811690.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe
        8⤵
        
        PID:8664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe 1698519884
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9078.exe 1698519884
        9⤵
        
        PID:10236
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
        7⤵
        
        PID:2584
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4584
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5332
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:7404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killwindows 1698519884
        6⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killwindows 1698519884
        7⤵
        
        PID:8388
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /KillHardDisk 1698519884
        6⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /KillHardDisk 1698519884
        7⤵
        
        PID:9032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killMBR 1698519884
        6⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /killMBR 1698519884
        7⤵
        
        PID:10208
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        7⤵
        
        PID:8932
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        7⤵
        
        PID:10160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:2740
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /autoup 1698519884
        6⤵
        
        PID:4276
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+246.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
      4⤵
      PID:1672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
      4⤵
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:2316
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        Executes dropped EXE
        
        PID:3420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+28481.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        8⤵
        
        PID:6168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9022.exe 1698519884
        9⤵
        
        PID:7156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+73837.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe
        8⤵
        
        PID:8152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe 1698519884
        8⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9027.exe 1698519884
        9⤵
        
        PID:9044
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        
        PID:4256
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:4896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        8⤵
        
        PID:6864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        8⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9025.exe 1698519884
        9⤵
        
        PID:8000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        8⤵
        
        PID:9088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
        9⤵
        
        PID:9320
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        6⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
        7⤵
        
        PID:4384
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4744
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5208
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        7⤵
        
        PID:2776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killwindows 1698519884
        6⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killwindows 1698519884
        7⤵
        
        PID:8736
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /KillHardDisk 1698519884
        6⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /KillHardDisk 1698519884
        7⤵
        
        PID:4416
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killMBR 1698519884
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /killMBR 1698519884
        7⤵
        
        PID:9964
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
        7⤵
        
        PID:3040
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        7⤵
        
        PID:300
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:1640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        6⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /autoup 1698519884
        7⤵
        
        PID:9792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:2676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+312663.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
      4⤵
      PID:2804
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
      4⤵
      Loads dropped DLL
      PID:3044
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
        6⤵
        Executes dropped EXE
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+210049.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
        7⤵
        
        PID:5228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
        7⤵
        
        PID:5484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+91264.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        7⤵
        
        PID:7876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        8⤵
        
        PID:5256
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5424
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        7⤵
        
        PID:5300
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killwindows 1698519884
        6⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killwindows 1698519884
        7⤵
        
        PID:9148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /KillHardDisk 1698519884
        6⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /KillHardDisk 1698519884
        7⤵
        
        PID:9544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killMBR 1698519884
        6⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killMBR 1698519884
        7⤵
        
        PID:7896
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        6⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        7⤵
        
        PID:4700
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        6⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        7⤵
        
        PID:4236
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:4940
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        6⤵
        
        PID:6280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+17899.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
      4⤵
      PID:2528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /save 1698519884
    3⤵
    - Executes dropped EXE
    PID:2996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:2928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+932591.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
      4⤵
      PID:4460
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
      4⤵
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
        5⤵
        
        PID:4404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6580
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:7084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+918325.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
      4⤵
      PID:5004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
      4⤵
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
        5⤵
        
        PID:5356
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6768
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:7020
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe /autoup 1698519884
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe /autoup 1698519884
        7⤵
        
        PID:3764
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe /killwindows 1698519884
        6⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe /killwindows 1698519884
        7⤵
        
        PID:5052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe /KillHardDisk 1698519884
        6⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe /KillHardDisk 1698519884
        7⤵
        
        PID:9440
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe /killMBR 1698519884
        6⤵
        
        PID:10024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:1656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+312663.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
      4⤵
      PID:2816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
      4⤵
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
        5⤵
        Executes dropped EXE
        
        PID:1748
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        7⤵
        
        PID:3688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+28481.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
        8⤵
        
        PID:2784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
        9⤵
        
        PID:4824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+73837.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe
        8⤵
        
        PID:2808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe 1698519884
        8⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe 1698519884
        9⤵
        
        PID:1672
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
        6⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
        7⤵
        
        PID:4424
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        6⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        7⤵
        
        PID:5060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe
        8⤵
        
        PID:1556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe 1698519884
        8⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe 1698519884
        9⤵
        
        PID:5412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe
        8⤵
        
        PID:8992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe 1698519884
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe 1698519884
        9⤵
        
        PID:9584
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
        7⤵
        
        PID:1776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5096
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        7⤵
        
        PID:4152
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killwindows 1698519884
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killwindows 1698519884
        7⤵
        
        PID:1852
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /KillHardDisk 1698519884
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /KillHardDisk 1698519884
        7⤵
        
        PID:9328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killMBR 1698519884
        6⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killMBR 1698519884
        7⤵
        
        PID:8152
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        6⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
        7⤵
        
        PID:3408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        6⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        7⤵
        
        PID:3172
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:8776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
        6⤵
        
        PID:9696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+17899.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
      4⤵
      PID:1652
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
      4⤵
      PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:2548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:2376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:3068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:1088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
    3⤵
    - Executes dropped EXE
    PID:2708
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+931023.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
      4⤵
      PID:5712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
        5⤵
        
        PID:5684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+620898.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
      4⤵
      PID:8196
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
        5⤵
        
        PID:8704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:1368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:1704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:2252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:2976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:1064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:1064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:1656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+29003.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
      4⤵
      PID:992
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
      4⤵
      PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
        5⤵
        
        PID:6864
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+124825.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
      4⤵
      PID:8904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
        5⤵
        
        PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:3144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:3244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:3316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:3404
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+519752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe
      4⤵
      PID:5584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe 1698519884
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe 1698519884
        5⤵
        
        PID:3016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+528751.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe
      4⤵
      PID:9032
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe 1698519884
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe 1698519884
        5⤵
        
        PID:9240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:3492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:3580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:3824
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+28481.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
      4⤵
      PID:6548
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
      4⤵
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
        5⤵
        
        PID:1980
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+73837.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
      4⤵
      PID:9056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe 1698519884
        5⤵
        
        PID:9408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:3332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:4192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe
      4⤵
      PID:1980
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe 1698519884
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b905.exe 1698519884
        5⤵
        
        PID:5836
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
      4⤵
      PID:8968
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
        5⤵
        
        PID:2840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:4384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:4792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:5052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:2676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+829977.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
      4⤵
      PID:6888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
        5⤵
        
        PID:5712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+811690.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
      4⤵
      PID:5284
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
      4⤵
      PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
        5⤵
        
        PID:8144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
  2⤵
  PID:4524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
    3⤵
    PID:4224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4140
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:5348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /autoup 1698519884
  2⤵
  PID:7420
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /autoup 1698519884
    3⤵
    PID:7204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /killwindows 1698519884
  2⤵
  PID:5288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /killwindows 1698519884
    3⤵
    PID:8376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /KillHardDisk 1698519884
  2⤵
  PID:8928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /KillHardDisk 1698519884
    3⤵
    PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /killMBR 1698519884
  2⤵
  PID:8900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /killMBR 1698519884
    3⤵
    PID:8820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
  2⤵
  PID:9264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
    3⤵
    PID:10080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /autoup 1698519884
  2⤵
  PID:6520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /autoup 1698519884
    3⤵
    PID:3784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe C:\windows\system32\taskmgr.exe
  2⤵
  PID:9924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /autoup 1698519884
  2⤵
  PID:3148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /autoup 1698519884
    3⤵
    PID:9420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /killwindows 1698519884
  2⤵
  PID:9396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /killwindows 1698519884
    3⤵
    PID:6120

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:2988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+231460.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
  2⤵
  PID:588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+311617.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:2664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
  2⤵
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe 1698519884
    3⤵
    - Executes dropped EXE
    PID:2604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6012
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:1544

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:1692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+0346.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
  2⤵
  PID:3444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
  2⤵
  PID:3592
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
    3⤵
    - Executes dropped EXE
    PID:3816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6192
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+36545.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:4068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  PID:3908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
    3⤵
    PID:3516
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6384
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7072

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+0346.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
  2⤵
  PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
  2⤵
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
    3⤵
    PID:3944
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6272
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+36545.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  PID:4356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
    3⤵
    PID:4724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6512
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6960

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:1908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+621843.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
  2⤵
  PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
  2⤵
  PID:4080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
    3⤵
    PID:4440
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6460
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+414399.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
  2⤵
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
  2⤵
  PID:3752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
    3⤵
    PID:4944
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6636
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7024

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
1⤵
- Executes dropped EXE
PID:676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
  2⤵
  PID:3832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
    3⤵
    - Executes dropped EXE
    PID:3084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+28481.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
      4⤵
      PID:6164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
      4⤵
      PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
        5⤵
        
        PID:4140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+73837.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe
      4⤵
      PID:8912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe 1698519884
      4⤵
      PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9037.exe 1698519884
        5⤵
        
        PID:8664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
  2⤵
  PID:3496
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
    3⤵
    PID:4092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
  2⤵
  PID:4140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
    3⤵
    PID:4552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+519229.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe
      4⤵
      PID:6952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe 1698519884
      4⤵
      PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9035.exe 1698519884
        5⤵
        
        PID:6164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+17764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe
      4⤵
      PID:8688
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe 1698519884
      4⤵
      PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9031.exe 1698519884
        5⤵
        
        PID:8252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
  2⤵
  PID:4740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
    3⤵
    PID:3508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
  2⤵
  PID:4376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
    3⤵
    PID:5076
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+27958.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
      4⤵
      PID:7096
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
        5⤵
        
        PID:5488
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe+215617.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
      4⤵
      PID:8752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
      4⤵
      PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9032.exe 1698519884
        5⤵
        
        PID:8700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
  2⤵
  PID:1848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /save 1698519884
    3⤵
    PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:5284
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:5640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
  2⤵
  PID:8144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
    3⤵
    - Adds Run key to start application
    PID:6868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killwindows 1698519884
  2⤵
  PID:8768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killwindows 1698519884
    3⤵
    PID:5828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /KillHardDisk 1698519884
  2⤵
  PID:9044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /KillHardDisk 1698519884
    3⤵
    PID:6588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killMBR 1698519884
  2⤵
  PID:9392
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /killMBR 1698519884
    3⤵
    PID:10192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
  2⤵
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /protect 1698519884
    3⤵
    PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
  2⤵
  PID:4812
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
    3⤵
    PID:3112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe C:\windows\system32\taskmgr.exe
  2⤵
  PID:4952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe /autoup 1698519884
  2⤵
  PID:3188

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+311094.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  PID:3328
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
    3⤵
    PID:3928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6392
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+810472.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
  2⤵
  PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
  2⤵
  PID:4784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
    3⤵
    PID:3708
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6688
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7040

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:2228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+311094.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:3848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  PID:3320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
    3⤵
    PID:4052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6344
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:5928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+810472.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
  2⤵
  PID:4232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
  2⤵
  PID:4760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
    3⤵
    PID:3948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6712
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:1924

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:1624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+621843.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
  2⤵
  PID:2160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
  2⤵
  PID:4068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
    3⤵
    PID:4432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6408
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:5916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+414399.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
  2⤵
  PID:4600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
  2⤵
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
    3⤵
    PID:4628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6620
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6228

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:1832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+621843.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
  2⤵
  PID:3512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
  2⤵
  PID:4160
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
    3⤵
    PID:4632
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6432
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:1836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+414399.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
  2⤵
  PID:4824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
  2⤵
  PID:4620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
    3⤵
    PID:3852
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6664
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:5892

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+311094.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:3868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  PID:3296
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
    3⤵
    PID:2904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6352
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+810472.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
  2⤵
  PID:4220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
  2⤵
  PID:4856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b908.exe 1698519884
    3⤵
    PID:3960
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6608
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7008

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:1188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+0346.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
  2⤵
  PID:3752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
  2⤵
  PID:3148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
    3⤵
    PID:3696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6296
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:5860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+36545.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:3960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  PID:4516
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
    3⤵
    PID:4972
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6452
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7116

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
1⤵
- Executes dropped EXE
PID:2052

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
1⤵
- Executes dropped EXE
PID:2940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+932591.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
  2⤵
  PID:4180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
  2⤵
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
    3⤵
    PID:2160
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6656
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:5880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+918325.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
  2⤵
  PID:4604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
  2⤵
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9079.exe 1698519884
    3⤵
    PID:5364
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6776
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:1904

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
1⤵
- Executes dropped EXE
PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
  2⤵
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
    3⤵
    PID:4956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe+829977.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe
      4⤵
      PID:7132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe 1698519884
      4⤵
      PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe 1698519884
        5⤵
        
        PID:5768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe+811690.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe
      4⤵
      PID:752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe 1698519884
      4⤵
      PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9018.exe 1698519884
        5⤵
        
        PID:8804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /save 1698519884
  2⤵
  PID:3632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /save 1698519884
    3⤵
    PID:4460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4824
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:5180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
  2⤵
  PID:7428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
    3⤵
    PID:5700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killwindows 1698519884
  2⤵
  PID:9000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killwindows 1698519884
    3⤵
    PID:8060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /KillHardDisk 1698519884
  2⤵
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /KillHardDisk 1698519884
    3⤵
    PID:9272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killMBR 1698519884
  2⤵
  PID:9728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /killMBR 1698519884
    3⤵
    PID:8856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
  2⤵
  PID:7316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /protect 1698519884
    3⤵
    PID:2220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
  2⤵
  PID:4216
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
    3⤵
    PID:2028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe C:\windows\system32\taskmgr.exe
  2⤵
  PID:7504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe /autoup 1698519884
  2⤵
  PID:9572

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19510265032692636032141171824342157478-11641510151023094754-10585263651516690455"
1⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
1⤵
- Executes dropped EXE
PID:688

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4853123401307885908-1311964320-9209048341124202182-729938544-1046162669-1839674304"
1⤵
- Loads dropped DLL
PID:820

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:1140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+310572.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
  2⤵
  PID:4816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
  2⤵
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe 1698519884
    3⤵
    PID:4560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+422252.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
  2⤵
  PID:5296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
  2⤵
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b904.exe 1698519884
    3⤵
    PID:7140

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
1⤵
- Executes dropped EXE
PID:1548

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1866632655464804328-8326055352115219714-4934104941114156894-6829502981973255530"
1⤵
PID:1088

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-436709127-6454034451559331904293748062-894113948727716691960045167-1085165514"
1⤵
- Loads dropped DLL
PID:1492

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:3060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-826212169-377956702-789896224-826068722-17938292252000432506-967959551448852170"
1⤵
PID:2528

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1197043645783274073611500582600550016-27266965913206052867741615461820752435"
1⤵
PID:2968

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1403993261-497469874-6698220351448869470-15672967231814628238-2067672840-928172724"
1⤵
- Loads dropped DLL
PID:3032

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
1⤵
- Executes dropped EXE
PID:1316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+931023.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe
  2⤵
  PID:5664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe 1698519884
  2⤵
  PID:7620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe 1698519884
    3⤵
    PID:5208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+620898.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9026.exe
  2⤵
  PID:1140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9026.exe 1698519884
  2⤵
  PID:5288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9026.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9026.exe 1698519884
    3⤵
    PID:4860

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:2568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+931023.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
  2⤵
  PID:5652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
  2⤵
  PID:7336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
    3⤵
    PID:7180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+620898.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
  2⤵
  PID:6884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
  2⤵
  PID:8792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
    3⤵
    PID:9220

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
1⤵
- Executes dropped EXE
PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+620275.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
  2⤵
  PID:5724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
  2⤵
  PID:7448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9076.exe 1698519884
    3⤵
    PID:7444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+016971.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe
  2⤵
  PID:8712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe 1698519884
  2⤵
  PID:8044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9070.exe 1698519884
    3⤵
    PID:8720

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:1488

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-177404838-334213193-136108238719228505411704575219727327660713538727980515603"
1⤵
PID:904

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-68972128-1882286589-702586935-1404513349-606099504516405803-23555451026468427"
1⤵
- Loads dropped DLL
PID:1220
- C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
  2⤵
  - Executes dropped EXE
  PID:2836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+310572.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe
    3⤵
    PID:3144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe 1698519884
    3⤵
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9073.exe 1698519884
      4⤵
      PID:5304
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:6752
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:7032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+422252.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe
    3⤵
    PID:5412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe 1698519884
    3⤵
    PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9074.exe 1698519884
      4⤵
      PID:5728

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:2696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+620275.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
  2⤵
  PID:5696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
  2⤵
  PID:7980
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b906.exe 1698519884
    3⤵
    PID:8016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+016971.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
  2⤵
  PID:7316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
  2⤵
  PID:6524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b900.exe 1698519884
    3⤵
    PID:9040

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-987698390-408897708-1292868083343902024-1568015145-1840110870-1087391899-1061599003"
1⤵
- Loads dropped DLL
PID:1000

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /protect 1698519884
1⤵
- Executes dropped EXE
PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+29526.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe
  2⤵
  PID:5192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9072.exe 1698519884
  2⤵
  PID:5436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe+513044.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
  2⤵
  PID:7464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
  2⤵
  PID:4740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9075.exe 1698519884
    3⤵
    PID:6896

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe /protect 1698519884
1⤵
- Executes dropped EXE
PID:1652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+931546.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe
  2⤵
  PID:5236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe 1698519884
  2⤵
  PID:312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9029.exe 1698519884
    3⤵
    PID:6564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe+19118.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
  2⤵
  PID:7328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
  2⤵
  PID:1676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b9021.exe 1698519884
    3⤵
    PID:8668

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1959601455-14448657481064242253-2076192411085549343-1863471855338622553-1612819781"
1⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe /save 1698519884
1⤵
- Executes dropped EXE
PID:2300

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:2028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+931546.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
  2⤵
  PID:5276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
  2⤵
  PID:5408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
    3⤵
    PID:6556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+19118.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
  2⤵
  PID:8008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
  2⤵
  PID:9072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe 1698519884
    3⤵
    PID:6168

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1714810319-1978220748975107353-589581778-446416361653520705-401247508897938509"
1⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /save 1698519884
1⤵
PID:2000

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "347769025172575870984532246-12357317031010418345-130320816817843081942026373290"
1⤵
- Loads dropped DLL
PID:1944

C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe /protect 1698519884
1⤵
PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+932591.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
  2⤵
  PID:4664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
  2⤵
  PID:4584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
    3⤵
    PID:3492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6728
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b90.exe+918325.txt C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
  2⤵
  PID:4220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
  2⤵
  PID:5160
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b909.exe 1698519884
    3⤵
    PID:5740
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6804
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6232

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-247047107470057919-1541429395142343926359534008533234517-376434852-1424498005"
1⤵
PID:1600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "453976858125149028159445274-1475832485-513389871964484649-7728565651656281089"
1⤵
PID:2684

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "490529742598100183239990047946429039-46663451245784970-428339243-1771341674"
1⤵
- Loads dropped DLL
PID:2328

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-206739170133005319-8050999521729372672845947915-1716420582-1955558692-794805211"
1⤵
- Loads dropped DLL
PID:1740

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "948418305-310049066-1096764856-5094241157798421711720432166-1067520072-1523503222"
1⤵
PID:3168

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-100005718010712568310050693237522187341777517335-17194512851017306234959494477"
1⤵
PID:3868

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-220592121-1049271699-411638609-2571461821865547284-134444579319667413131965875498"
1⤵
PID:2988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-764856003-1331506748-920082888-10654046602117524115-88968476187809540-558782148"
1⤵
PID:4408

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1020208207-1530917123-12789583761693333401945713542805356186-1942557411-2010297796"
1⤵
PID:3736

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11645396029591138441536750984-425326801-20804170851419681799-292952455-2143724642"
1⤵
PID:5100

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1151246498-2038269665-1351318770-1957046463-853485760-11297219311698375565-53372194"
1⤵
PID:3604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "916164705-1084711642-943602701-2261077201706449300-125862858184220200-1320629377"
1⤵
PID:4600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-830191510-1973600271517149401-9575287321583265639-2131849762-1531755732-742526764"
1⤵
PID:7720

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1356547082209692487720801433657605290541909976830-1450767744-13422111541186088681"
1⤵
PID:7876

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1610379994-162915405-7797561181781303969550365778311803956-994950060-624943601"
1⤵
PID:7736

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1365285939543612382-1077534646-17344437931437719267-1633864832-2133556300-930020470"
1⤵
PID:8168

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-176656300-1901743250-1815709466924576224-110445803519031353511555149800-592405824"
1⤵
PID:8120

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-145249670717696808148121226101697433713-359249036-687352983-180238688-1489516552"
1⤵
PID:7992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16390276001235611313-21086355414520439991951211481-1674381410-1637387849-687387130"
1⤵
PID:8184

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1620544337-220226362-791879050787378351126775673-64781423416287175591581199601"
1⤵
PID:8036

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8948970081463629572-1235351921-1785787206-96779117012146270692044417561-1128148670"
1⤵
PID:8008

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-23750545-1869306890208203506219006164641807919773509939866-20813246621353577309"
1⤵
PID:7332

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "283737170-1891663612-874055134-753686584-1777901666-1287681780-143565920-343285590"
1⤵
PID:4740

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1300204925-10636195544366968671317997480416822109161521867219644089311435312631"
1⤵
PID:8828

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1770837914614040234-836000720-1762344621844755982-1191392566-1847289921-990673187"
1⤵
PID:8808

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "917770111-446888077-1927614275-8117020733287033371532631687-118853998-1458155552"
1⤵
PID:9056

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1415159018-380653203409999603-18650696228352730021717661343-1274213338-1327898977"
1⤵
PID:8880

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1619682324-1895878362-593719426455498892-1568896158-709452802-812143982-1320049167"
1⤵
PID:7680

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "179787166664541883916066795971398050065-20637061281512356644-8193561321940168967"
1⤵
PID:8900

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3586609937668986881380701497-1529114408376939952074473925-1226171458-410432400"
1⤵
PID:8876

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15649027631055108416-133885818240826899629051552747474225710712982051442870398"
1⤵
PID:9080

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-623946049-29989871919634347191459927442-2043780338-1834830149-2107153952-2133730094"
1⤵
PID:5288

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1506081858-461420575-7016662641088673860-1046104781-9760914-4574957211838856982"
1⤵
PID:8912

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "471884991323138316808643018-1424428479135819820-386559848418880960942803927"
1⤵
PID:9200

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1345909706776234966-7408736801485784158832235234-212325776-74844735-752633332"
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\124825.txt

Filesize
5B

MD5
51200d29d1fc15f5a71c1dab4bb54f7c

SHA1
d07a29e8316f30d7e76b6bdb7a0b82f2815d7416

SHA256
fb0924424ca6fe968898c408c84c932ba3aec5698674e2523026ac41e4f09442

SHA512
c3eb0a32c12e6b22daba9b99dcad79ed65b579c6b95be3753f9dcd68c8a208c1e74d1e73fc0bf2e94001d051d4b10b2702713356b2162ef5dfe8e8814d23da01

Download Submit
C:\Users\Admin\AppData\Local\Temp\134435.bat

Filesize
124B

MD5
b867fc1d8bc1d9e6583e1961dbcbba71

SHA1
c1d25e0097635983304fa298d26f52f21ff8d1e6

SHA256
88911a1e8b4abe7e13756865c9fe367f001baf19210488bbaed1c92e273d5d2a

SHA512
d13a0db76c8c3d7e2ff083b9dfefca257b3d694a939356afe64c2841bba902312da2906992d282a2d2cf9621ab139a0bf0e6cb40807a80709244d98ce686c754

Download Submit
C:\Users\Admin\AppData\Local\Temp\17764.txt

Filesize
5B

MD5
dd87a43132f3ce443d1e50b29019de3b

SHA1
a5cc4021e4ea58d70a9429386bf829ab3038a5d9

SHA256
ad00db91a8fa600bdd3a38cb0176f130991f464ef9a3bb6ce3519fb167c893ce

SHA512
5491e109bd53f0f86326f9f7f2a384623b31bbd482e420d0305767c85b18d08397557dfe62ac55fa867399968f713f780c061b39091febce2a5ecc7b665e6ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\17899.txt

Filesize
4B

MD5
d2849eee3432ef804bfccac1a9cb24f0

SHA1
0b29ab3e1b0160417fc49c7759046c195acdc0e2

SHA256
0c73ebfedfb4af1e074a8cc2e9c530a9ae8fbc79eae5b5894cb8adfe12e31ee5

SHA512
2b2b179c3cea7cb0f7ea47a6607824a6bbf3aaccc3b0418648fbc0852be351ac621a3fc4549dd7cfe3aa780f43e6457e6ba5c76c04bb30de692e5e3edb5ae73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\17899.txt

Filesize
4B

MD5
d2849eee3432ef804bfccac1a9cb24f0

SHA1
0b29ab3e1b0160417fc49c7759046c195acdc0e2

SHA256
0c73ebfedfb4af1e074a8cc2e9c530a9ae8fbc79eae5b5894cb8adfe12e31ee5

SHA512
2b2b179c3cea7cb0f7ea47a6607824a6bbf3aaccc3b0418648fbc0852be351ac621a3fc4549dd7cfe3aa780f43e6457e6ba5c76c04bb30de692e5e3edb5ae73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\18046.bat

Filesize
123B

MD5
bdbb046062d007f6dbc90f458c27ffce

SHA1
74b8ff7105470b2e95abfaf912ebb3a9ae079436

SHA256
a2d53a79568db26ccaea1bdbcf7298d6044e132a6cc5c01d3a145b93954a38ed

SHA512
757dfca99cfff2898e0a6029be2b63f944d9695d6f2fa49677fa9dd75af7c15249ca56ffb0e757f9a68b19556abcf41a9da08036fef3bd833182bb835d668ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\18801.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\23149.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\23149.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\246.txt

Filesize
5B

MD5
ec42787cefadf6378e1fd7917aa05b5f

SHA1
01897cb89897449e5fd624f0ec8fa0004eddab57

SHA256
4a638abcfe41d3b8cd8d01eef8a9e3b2a0c2a83b39ce32764091ded353793a12

SHA512
8cada32c1ceafc3dc96c13e4f36093f401a52dd7d3678a6d740a82f9367b78d1a294d43893f656a4f4967fb3bf166b4d327e04a279406b6586c78d4e57fd4ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\246.txt

Filesize
5B

MD5
ec42787cefadf6378e1fd7917aa05b5f

SHA1
01897cb89897449e5fd624f0ec8fa0004eddab57

SHA256
4a638abcfe41d3b8cd8d01eef8a9e3b2a0c2a83b39ce32764091ded353793a12

SHA512
8cada32c1ceafc3dc96c13e4f36093f401a52dd7d3678a6d740a82f9367b78d1a294d43893f656a4f4967fb3bf166b4d327e04a279406b6586c78d4e57fd4ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\28355.bat

Filesize
122B

MD5
70b3f080285cc83ef0a02ed222093f94

SHA1
c0905ce22760fa44ed3ce44d1308ba060abd6414

SHA256
f8b58a724db2a382511c728990289b54077c65bdfbb217c9b7140ed1863e2630

SHA512
fb115b68238e29e38412e54ada170e3faf3c3781ac326d0db8b050f53157decd0a5d7ad320259b2c0f36a8f949e8b0b18b398d83a27f91f1991648a0ac13fceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\29003.txt

Filesize
5B

MD5
af6e15cfa6c456895fd802a9d29ead74

SHA1
5157f5c5846f86c4dca2dea6796bf33013d6b568

SHA256
97531b35d64e268e57f688a457a656f11a15d8fe1bb829ece488737603d37c85

SHA512
5fcd6ef4b12a8cac597d2067f9c3583095d142ba60494cf3475881d012bf0b85f8dc4583c16e4728ed12213279c144e4908dc61d8bd911f4a87f07911c633c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\30315.bat

Filesize
124B

MD5
4e033cf2014e1c937bfbe0d891f1d379

SHA1
96304cdd8540c36f46b815d537988bddf128dc78

SHA256
64ea9ae86239b6bcd57356744b0457c199718a5d8cd52b82b377e4c1c6013add

SHA512
0eabb935983451b410ad53d0f5bd6e605f94c0001e2a946d4621b014870cec6012c62ef9d6341b435d9b26a7dc1dfef335ad2772dcee92a2c7e9ccd33364f6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\312663.txt

Filesize
5B

MD5
ca07544bf48826672810e8afd6575408

SHA1
9c5e940e014c9c30f688c1ad60abf5c45c0b910b

SHA256
80891c5dbd73e51067d210204759b06f4e2fab7fd339eefc1edfa6ee7660fda6

SHA512
9c08c66b0f6b8360bf2134c05ec771bea8e8da87f6aa7da0f33019a64fd1cc1a1c3dbc93fc19d65401291b9ad162948b330f708ce4203f8ab22056beb9751acf

Download Submit
C:\Users\Admin\AppData\Local\Temp\312663.txt

Filesize
5B

MD5
ca07544bf48826672810e8afd6575408

SHA1
9c5e940e014c9c30f688c1ad60abf5c45c0b910b

SHA256
80891c5dbd73e51067d210204759b06f4e2fab7fd339eefc1edfa6ee7660fda6

SHA512
9c08c66b0f6b8360bf2134c05ec771bea8e8da87f6aa7da0f33019a64fd1cc1a1c3dbc93fc19d65401291b9ad162948b330f708ce4203f8ab22056beb9751acf

Download Submit
C:\Users\Admin\AppData\Local\Temp\41934.bat

Filesize
123B

MD5
b6eb879e2e9ed934f172ee782f1de4cc

SHA1
82d5143df168a542bcc06ef86940edc1967295f6

SHA256
ea59b80f65ed3069cf1d28f1419c8422f4d1e1b3b053afdf450fbc2aa2a86e5e

SHA512
c6107fe512177392e8c119cae31f1bca86d56988b2ff2584e6a70f1f494ebc1cc53bebe10e53c0c397637a3b6e5b20c3012b399161eb43683abd82d06826a2b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\44260.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\44260.bat

Filesize
111B

MD5
591e88235241a6cee41f33f932c23cbe

SHA1
51f8c8fdf31c012bd04f0a6dd899fc449b3dc3fb

SHA256
64abdc9c62da4c15b11a153600434ef0c1b66ea8dc43acdf87cf90fe9d0fff00

SHA512
6eee21c3c6afee98c67c5db3d51d1845ba91052f4a332eaa2f247e9684bfae6887951cbc10616749b2f9c4f6171a4c9b6b409d4fdc373766c522e6be75b5e62d

Download Submit
C:\Users\Admin\AppData\Local\Temp\519229.txt

Filesize
5B

MD5
7cb5e67dcb46bf8e72775e508b9fd309

SHA1
8d6c72077148250d88dcdbaa7252c89d5ee510a8

SHA256
c8fe9f98ea95ed82bf7348fb5eb4947ac72afabd74b6071408a0e13d9840cabd

SHA512
facf70e292959e1f8cb26bfb379c471e815128dadd657a37a30727d6b70a5fbdb50704daf442a4cc11c17a571cc73e11c14fe2246869e7fc6e8205c3f68ca7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\519752.txt

Filesize
5B

MD5
aff272815fa63358420d88a9c6d37b91

SHA1
6c92aec1587d63367c2506583a7754776924c110

SHA256
f4d00c9cf6d72b2736bf474b1fc96b2eb1b8b65edfc95daacb4b665ff3ee47bc

SHA512
e6868dbb6176bb140024432618f1ef349476b4ea1b2ed898127ad3f8d097057a41d8bb47a1c3454ebb12f32e3ea78a4b1d20af3e54bccd0639bd78fc34fc1dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\528751.txt

Filesize
4B

MD5
d397c2b2be2178fe6247bd50fc97cff2

SHA1
3bca47d0b94d9c8c62a4bb04b6453286d8e2cfc0

SHA256
c18da8721686119d700c7def51b098d14e2e1858564616d3971c089081b83509

SHA512
8066be132f969f3d3a9b9f8739caa0efd4e8097d31ab8ad7f7ba5403b82d22014979160a447f4a0aca28df0a980b3dfdf0e6ffcfab9f43d98abe3ad09935c38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\723934.txt

Filesize
5B

MD5
5cd338743288fdb62b74ee279d51bf93

SHA1
f99246fa9735d70ed6ca84ceba88211d362c8a7c

SHA256
7f3d8bfc507ef1e2de7120b1213a4b9ce2a843a9b2d983988aeebcccea984dff

SHA512
8e4f38fabf9b5999b314c81e77cbd088ef547696f84fa8803e1a77150c9a21af161ff8b77120c8c601b5c0a1dc6cf766f3c90075e52cce6af69134b381ce98c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\723934.txt

Filesize
5B

MD5
5cd338743288fdb62b74ee279d51bf93

SHA1
f99246fa9735d70ed6ca84ceba88211d362c8a7c

SHA256
7f3d8bfc507ef1e2de7120b1213a4b9ce2a843a9b2d983988aeebcccea984dff

SHA512
8e4f38fabf9b5999b314c81e77cbd088ef547696f84fa8803e1a77150c9a21af161ff8b77120c8c601b5c0a1dc6cf766f3c90075e52cce6af69134b381ce98c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\73837.txt

Filesize
4B

MD5
442cde81694ca09a626eeddefd1b74ca

SHA1
107c7da7bec6cbded6393e2ba546ba51f0f16445

SHA256
c699c2458106e30074937995e5f3b117ab4f2657618c42c5f4e5c90bb0801787

SHA512
87a326a84d6dd3372649c7fe06092e5d11bfa90202fa14f58de1e927b68b12b15405d270324642f65f067efc4c906ab5a76020ccec281ddbd28d664fdd3984cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\9615.bat

Filesize
111B

MD5
591e88235241a6cee41f33f932c23cbe

SHA1
51f8c8fdf31c012bd04f0a6dd899fc449b3dc3fb

SHA256
64abdc9c62da4c15b11a153600434ef0c1b66ea8dc43acdf87cf90fe9d0fff00

SHA512
6eee21c3c6afee98c67c5db3d51d1845ba91052f4a332eaa2f247e9684bfae6887951cbc10616749b2f9c4f6171a4c9b6b409d4fdc373766c522e6be75b5e62d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b901.exe

Filesize
3.0MB

MD5
7fb6be0a9c3eca4cd24f3d62194f98b6

SHA1
8951e8b00992cfb4e1059924b74b564656acf1f7

SHA256
42657eba46f9bf708064c6dea10ddb7ffe98a8a3bf65b1ddbc364386687802b0

SHA512
bb8e95fe8d96af8b2c60cc6ddf06fddbbbaaa6a194088b84309f85875e67276bd6fc85e59dd812d1d81bdb57f0ea328d48abd03c2d8b2ca0c50aeaab2aa5e91b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b902.exe

Filesize
3.0MB

MD5
95f92ae821896f963a4136674fb2858c

SHA1
11752f9cabb5528769a566bed72f1a773c04b274

SHA256
edf3d5ed9cefd6c8d85e098fa2948b36a45777c99441faf9f1f78f8e78297c8c

SHA512
588635a00971b8afa911e20b05ba12703f3902cadfd05346390a3092466da7902ca55602c3233d179bad449c9214cb78f8619a960b57daa26d0d094a3e414f38

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b903.exe

Filesize
3.0MB

MD5
48b466b1172854203fc6c62883d92fab

SHA1
168a362a9ea2dc9679bcc1c9863bb59c3abc3de5

SHA256
c2cfea2f25ceb126d2d9ca4698ea69247b209ad64833dc34a3ab1a5f580730d1

SHA512
862794259c727736c97811195e1812b4440443c0ff327baf77f67d8d2dae188f86c53efcebaeea57d7d07b16b7b88da0b5c5ec5f7ae611074e3eaba24dea3f7e

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.1425724b45203d95979b37b9fef11b907.exe

Filesize
3.0MB

MD5
d24f26417724dc991838fa13c947868a

SHA1
d40724172411fce7bf9a32d32b32de70188c1060

SHA256
ebf20f58f25bf0d9c1c1cffca70fd76697c0f11347e3fafc0372181de5e550d8

SHA512
727a3847e84cf2efb203ca637b68dc705f2a93835550b9ab44858b80dbc492eb2a8547103dedec283f61f18e3af6db14280723ecb7dfd4517170e680ccff2097

Download Submit
memory/304-170-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/676-191-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/688-198-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/888-187-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/892-184-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1012-181-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1188-164-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1360-173-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1560-175-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1580-196-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1624-176-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1624-188-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1632-115-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1656-89-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1688-105-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1692-141-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1692-114-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1748-192-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1788-113-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1828-158-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1832-174-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1832-195-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1908-189-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2020-169-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2024-201-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2052-166-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2096-161-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2204-179-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2228-180-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2316-165-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2376-163-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2388-43-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2532-200-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2540-110-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2548-112-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2612-108-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2624-109-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2668-107-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2672-106-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2676-90-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2696-59-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2716-197-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2788-204-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2792-46-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2812-202-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2872-186-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2872-172-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2904-94-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2928-217-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2928-199-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2940-203-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2940-215-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2948-111-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2988-95-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads