0a282a1eb954e0c3bca719072d5dee81a939f260642d32ba96bf375f6c7da34d

Analysis

max time kernel
70s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.17d4d31580768282ff68a3b744546d10.exe
Size

3.0MB
MD5

17d4d31580768282ff68a3b744546d10
SHA1

4213197eb61313407de0c17a6d1cd0867a925181
SHA256

0a282a1eb954e0c3bca719072d5dee81a939f260642d32ba96bf375f6c7da34d
SHA512

71a45ccc3208027ae900a31a9330ba2bd1e808d1f8f5cf6124ebcaf649ea987f713419453dd3a4ebbd8579b23be8643d59a6b0adf80bb03d8f4c9dd54dfb2c29
SSDEEP

49152:j495UciMmq/NhjX5p3JOCdLAweZnE5c965nqqIP2Itdx:jk5LhzACdLAlnE5co5nqqIP2Itdx

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
524	NEAS.17d4d31580768282ff68a3b744546d103.exe
1652	NEAS.17d4d31580768282ff68a3b744546d103.exe
1700	NEAS.17d4d31580768282ff68a3b744546d103.exe
1640	NEAS.17d4d31580768282ff68a3b744546d100.exe
1668	NEAS.17d4d31580768282ff68a3b744546d100.exe
2108	NEAS.17d4d31580768282ff68a3b744546d100.exe
1536	NEAS.17d4d31580768282ff68a3b744546d102.exe
1952	NEAS.17d4d31580768282ff68a3b744546d102.exe
2036	NEAS.17d4d31580768282ff68a3b744546d103.exe
2052	NEAS.17d4d31580768282ff68a3b744546d103.exe
2588	NEAS.17d4d31580768282ff68a3b744546d103.exe
1572	NEAS.17d4d31580768282ff68a3b744546d103.exe
2748	NEAS.17d4d31580768282ff68a3b744546d103.exe
2504	NEAS.17d4d31580768282ff68a3b744546d109.exe
576	NEAS.17d4d31580768282ff68a3b744546d103.exe
2900	NEAS.17d4d31580768282ff68a3b744546d103.exe
2800	NEAS.17d4d31580768282ff68a3b744546d103.exe
2556	NEAS.17d4d31580768282ff68a3b744546d106.exe
2416	NEAS.17d4d31580768282ff68a3b744546d103.exe
1880	NEAS.17d4d31580768282ff68a3b744546d103.exe
2760	NEAS.17d4d31580768282ff68a3b744546d103.exe
3028	NEAS.17d4d31580768282ff68a3b744546d102.exe
2828	NEAS.17d4d31580768282ff68a3b744546d103.exe
2364	NEAS.17d4d31580768282ff68a3b744546d103.exe
1208	NEAS.17d4d31580768282ff68a3b744546d105.exe
1448	NEAS.17d4d31580768282ff68a3b744546d103.exe
1708	NEAS.17d4d31580768282ff68a3b744546d103.exe
848	NEAS.17d4d31580768282ff68a3b744546d103.exe
1580	cmd.exe
2156	NEAS.17d4d31580768282ff68a3b744546d103.exe
776	NEAS.17d4d31580768282ff68a3b744546d102.exe
2788	cmd.exe
1304	NEAS.17d4d31580768282ff68a3b744546d103.exe
1832	cmd.exe
892	NEAS.17d4d31580768282ff68a3b744546d103.exe
2412	NEAS.17d4d31580768282ff68a3b744546d103.exe
2540	NEAS.17d4d31580768282ff68a3b744546d103.exe
2832	NEAS.17d4d31580768282ff68a3b744546d103.exe
2128	NEAS.17d4d31580768282ff68a3b744546d103.exe
592	NEAS.17d4d31580768282ff68a3b744546d103.exe
1160	NEAS.17d4d31580768282ff68a3b744546d103.exe
1976	NEAS.17d4d31580768282ff68a3b744546d103.exe
1876	NEAS.17d4d31580768282ff68a3b744546d103.exe
1928	NEAS.17d4d31580768282ff68a3b744546d103.exe
2764	NEAS.17d4d31580768282ff68a3b744546d103.exe
772	NEAS.17d4d31580768282ff68a3b744546d103.exe
1932	NEAS.17d4d31580768282ff68a3b744546d103.exe
2032	NEAS.17d4d31580768282ff68a3b744546d103.exe
3128	NEAS.17d4d31580768282ff68a3b744546d103.exe
3140	NEAS.17d4d31580768282ff68a3b744546d103.exe
3272	NEAS.17d4d31580768282ff68a3b744546d103.exe
3280	NEAS.17d4d31580768282ff68a3b744546d103.exe
3344	NEAS.17d4d31580768282ff68a3b744546d103.exe
3408	NEAS.17d4d31580768282ff68a3b744546d100.exe
3416	NEAS.17d4d31580768282ff68a3b744546d100.exe
3508	NEAS.17d4d31580768282ff68a3b744546d103.exe
3532	NEAS.17d4d31580768282ff68a3b744546d103.exe
3560	NEAS.17d4d31580768282ff68a3b744546d100.exe
3580	NEAS.17d4d31580768282ff68a3b744546d103.exe
3648	NEAS.17d4d31580768282ff68a3b744546d105.exe
3640	NEAS.17d4d31580768282ff68a3b744546d100.exe
3684	NEAS.17d4d31580768282ff68a3b744546d100.exe
3760	NEAS.17d4d31580768282ff68a3b744546d103.exe
3792	NEAS.17d4d31580768282ff68a3b744546d103.exe

Loads dropped DLL 64 IoCs

pid	Process
2548	cmd.exe
2548	cmd.exe
812	Process not Found
2596	cmd.exe
2532	conhost.exe
2596	cmd.exe
2532	conhost.exe
2008	cmd.exe
2008	cmd.exe
2028	Process not Found
1116	Process not Found
1088	cmd.exe
1088	cmd.exe
1676	Process not Found
2376	Process not Found
892	NEAS.17d4d31580768282ff68a3b744546d103.exe
892	NEAS.17d4d31580768282ff68a3b744546d103.exe
1044	cmd.exe
648	cmd.exe
1044	cmd.exe
648	cmd.exe
2264	Process not Found
1448	NEAS.17d4d31580768282ff68a3b744546d103.exe
1448	NEAS.17d4d31580768282ff68a3b744546d103.exe
2940	cmd.exe
2940	cmd.exe
1336	Process not Found
304	Process not Found
988	Process not Found
2236	conhost.exe
2236	conhost.exe
900	conhost.exe
900	conhost.exe
672	cmd.exe
2808	Process not Found
672	cmd.exe
1332	cmd.exe
2764	NEAS.17d4d31580768282ff68a3b744546d103.exe
2156	NEAS.17d4d31580768282ff68a3b744546d103.exe
1332	cmd.exe
2764	NEAS.17d4d31580768282ff68a3b744546d103.exe
2156	NEAS.17d4d31580768282ff68a3b744546d103.exe
2708	Process not Found
1996	cmd.exe
1996	cmd.exe
1584	Process not Found
712	NEAS.17d4d31580768282ff68a3b744546d10.exe
712	NEAS.17d4d31580768282ff68a3b744546d10.exe
1304	NEAS.17d4d31580768282ff68a3b744546d103.exe
2456	cmd.exe
1304	NEAS.17d4d31580768282ff68a3b744546d103.exe
2456	cmd.exe
2692	Process not Found
2040	conhost.exe
2040	conhost.exe
956	Process not Found
2608	Process not Found
1764	Process not Found
1832	cmd.exe
1832	cmd.exe
2612	cmd.exe
2520	cmd.exe
2612	cmd.exe
2520	cmd.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5320	Process not Found
11968	Process not Found

Kills process with taskkill 64 IoCs

evasion

pid	Process
10112	taskkill.exe
11188	Process not Found
12164	Process not Found
7624	taskkill.exe
8512	taskkill.exe
10180	taskkill.exe
11308	Process not Found
5224	taskkill.exe
7044	taskkill.exe
6808	taskkill.exe
10452	taskkill.exe
6192	taskkill.exe
9812	taskkill.exe
10892	taskkill.exe
10972	taskkill.exe
14436	Process not Found
4088	taskkill.exe
6228	taskkill.exe
11860	Process not Found
1156	Process not Found
10676	taskkill.exe
9072	taskkill.exe
9392	taskkill.exe
13360	Process not Found
6488	taskkill.exe
7672	taskkill.exe
3480	taskkill.exe
9904	taskkill.exe
11464	Process not Found
10260	Process not Found
13064	Process not Found
7148	taskkill.exe
7512	taskkill.exe
5900	taskkill.exe
14532	Process not Found
12792	Process not Found
4124	taskkill.exe
4904	taskkill.exe
12476	Process not Found
6412	taskkill.exe
4312	taskkill.exe
9604	taskkill.exe
4928	taskkill.exe
8596	taskkill.exe
9204	taskkill.exe
10284	taskkill.exe
14024	Process not Found
5176	taskkill.exe
5064	taskkill.exe
304	Process not Found
8284	taskkill.exe
2160	Process not Found
4732	taskkill.exe
14160	Process not Found
5264	taskkill.exe
9456	taskkill.exe
7108	Process not Found
4748	taskkill.exe
14232	Process not Found
8320	taskkill.exe
9692	Process not Found
840	taskkill.exe
1368	taskkill.exe
12156	Process not Found

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9CE7FB40-75C5-11EE-8599-C619D83E0E05} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{89A3DA41-75C5-11EE-8599-C619D83E0E05} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeAssignPrimaryTokenPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeLockMemoryPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeIncreaseQuotaPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeMachineAccountPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeTcbPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSecurityPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeTakeOwnershipPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeLoadDriverPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSystemProfilePrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSystemtimePrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeProfSingleProcessPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeIncBasePriorityPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeCreatePagefilePrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeCreatePermanentPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeBackupPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeRestorePrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeShutdownPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeDebugPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeAuditPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSystemEnvironmentPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeChangeNotifyPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeRemoteShutdownPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeUndockPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSyncAgentPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeEnableDelegationPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeManageVolumePrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeImpersonatePrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeCreateGlobalPrivilege	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: 31	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: 32	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: 33	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: 34	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: 35	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeCreateTokenPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeAssignPrimaryTokenPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeLockMemoryPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeIncreaseQuotaPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeMachineAccountPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeTcbPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSecurityPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeTakeOwnershipPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeLoadDriverPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSystemProfilePrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeCreateTokenPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSystemtimePrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeProfSingleProcessPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeAssignPrimaryTokenPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeIncBasePriorityPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeLockMemoryPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeCreatePagefilePrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeIncreaseQuotaPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeCreatePermanentPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeBackupPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeRestorePrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeShutdownPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeMachineAccountPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeDebugPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeTcbPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeAuditPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSecurityPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeSystemEnvironmentPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeTakeOwnershipPrivilege	2732	NEAS.17d4d31580768282ff68a3b744546d10.exe
Token: SeChangeNotifyPrivilege	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2372	iexplore.exe
2372	iexplore.exe
3292	iexplore.exe
3292	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2636	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	29
PID 2888 wrote to memory of 2636	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	29
PID 2888 wrote to memory of 2636	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	29
PID 2636 wrote to memory of 2644	2636	cmd.exe	30
PID 2636 wrote to memory of 2644	2636	cmd.exe	30
PID 2636 wrote to memory of 2644	2636	cmd.exe	30
PID 2888 wrote to memory of 2708	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	31
PID 2888 wrote to memory of 2708	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	31
PID 2888 wrote to memory of 2708	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	31
PID 2708 wrote to memory of 2732	2708	cmd.exe	33
PID 2708 wrote to memory of 2732	2708	cmd.exe	33
PID 2708 wrote to memory of 2732	2708	cmd.exe	33
PID 2888 wrote to memory of 2764	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	35
PID 2888 wrote to memory of 2764	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	35
PID 2888 wrote to memory of 2764	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	35
PID 2764 wrote to memory of 2620	2764	cmd.exe	40
PID 2764 wrote to memory of 2620	2764	cmd.exe	40
PID 2764 wrote to memory of 2620	2764	cmd.exe	40
PID 2888 wrote to memory of 2156	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	36
PID 2888 wrote to memory of 2156	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	36
PID 2888 wrote to memory of 2156	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	36
PID 2156 wrote to memory of 2680	2156	NEAS.17d4d31580768282ff68a3b744546d103.exe	38
PID 2156 wrote to memory of 2680	2156	NEAS.17d4d31580768282ff68a3b744546d103.exe	38
PID 2156 wrote to memory of 2680	2156	NEAS.17d4d31580768282ff68a3b744546d103.exe	38
PID 2888 wrote to memory of 2748	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	128
PID 2888 wrote to memory of 2748	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	128
PID 2888 wrote to memory of 2748	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	128
PID 2644 wrote to memory of 2668	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe	42
PID 2644 wrote to memory of 2668	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe	42
PID 2644 wrote to memory of 2668	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe	42
PID 2748 wrote to memory of 2612	2748	NEAS.17d4d31580768282ff68a3b744546d103.exe	197
PID 2748 wrote to memory of 2612	2748	NEAS.17d4d31580768282ff68a3b744546d103.exe	197
PID 2748 wrote to memory of 2612	2748	NEAS.17d4d31580768282ff68a3b744546d103.exe	197
PID 2888 wrote to memory of 2312	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	44
PID 2888 wrote to memory of 2312	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	44
PID 2888 wrote to memory of 2312	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	44
PID 2312 wrote to memory of 2584	2312	cmd.exe	49
PID 2312 wrote to memory of 2584	2312	cmd.exe	49
PID 2312 wrote to memory of 2584	2312	cmd.exe	49
PID 2888 wrote to memory of 1996	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	264
PID 2888 wrote to memory of 1996	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	264
PID 2888 wrote to memory of 1996	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	264
PID 2644 wrote to memory of 2548	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe	48
PID 2644 wrote to memory of 2548	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe	48
PID 2644 wrote to memory of 2548	2644	NEAS.17d4d31580768282ff68a3b744546d10.exe	48
PID 1996 wrote to memory of 2676	1996	cmd.exe	50
PID 1996 wrote to memory of 2676	1996	cmd.exe	50
PID 1996 wrote to memory of 2676	1996	cmd.exe	50
PID 2888 wrote to memory of 2512	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	52
PID 2888 wrote to memory of 2512	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	52
PID 2888 wrote to memory of 2512	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	52
PID 2620 wrote to memory of 2572	2620	NEAS.17d4d31580768282ff68a3b744546d10.exe	53
PID 2620 wrote to memory of 2572	2620	NEAS.17d4d31580768282ff68a3b744546d10.exe	53
PID 2620 wrote to memory of 2572	2620	NEAS.17d4d31580768282ff68a3b744546d10.exe	53
PID 2512 wrote to memory of 2220	2512	cmd.exe	54
PID 2512 wrote to memory of 2220	2512	cmd.exe	54
PID 2512 wrote to memory of 2220	2512	cmd.exe	54
PID 2888 wrote to memory of 2900	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	261
PID 2888 wrote to memory of 2900	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	261
PID 2888 wrote to memory of 2900	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	261
PID 2900 wrote to memory of 2908	2900	NEAS.17d4d31580768282ff68a3b744546d103.exe	57
PID 2900 wrote to memory of 2908	2900	NEAS.17d4d31580768282ff68a3b744546d103.exe	57
PID 2900 wrote to memory of 2908	2900	NEAS.17d4d31580768282ff68a3b744546d103.exe	57
PID 2888 wrote to memory of 604	2888	NEAS.17d4d31580768282ff68a3b744546d10.exe	59

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+324352.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
      4⤵
      PID:2668
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
      4⤵
      Loads dropped DLL
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:524
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+222261.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        8⤵
        
        PID:3904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        9⤵
        
        PID:3908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6208
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:6808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+123196.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:4044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:2040
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:7044
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        Loads dropped DLL
        
        PID:2940
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:900
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:2156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+89422.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        8⤵
        
        PID:6072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        9⤵
        
        PID:5800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:7660
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:4388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+9854.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe
        8⤵
        
        PID:5872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe 1698520195
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe 1698520195
        9⤵
        
        PID:3696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8556
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810467.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        8⤵
        
        PID:3896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        9⤵
        
        PID:5292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:7248
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:7624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810061.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        8⤵
        
        PID:5396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        9⤵
        
        PID:5916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8144
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:4312
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:672
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2832
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        Loads dropped DLL
        
        PID:2612
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        Loads dropped DLL
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+120170.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:5304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:3876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8496
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:8760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+44780.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:6008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:6124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9144
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:9204
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:1876
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+430396.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:5840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:1112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:5428
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:9468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+420487.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:1332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:6512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9708
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:10676
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3140
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+78376.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        8⤵
        
        PID:6008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        9⤵
        
        PID:4488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10004
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:9260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+124414.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:6220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:6744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10748
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3580
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+018602.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        8⤵
        
        PID:6560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        9⤵
        
        PID:1768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+17353.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:6148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:1896
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:2716
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:3768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+429350.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:6816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:6392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+611280.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe
        8⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe 1698520195
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe 1698520195
        9⤵
        
        PID:6336
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:3176
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:4368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+76808.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        8⤵
        
        PID:3412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        9⤵
        
        PID:6840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+826987.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        8⤵
        
        PID:7304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        9⤵
        
        PID:1524
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:4820
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5000
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:4124
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        7⤵
        
        PID:4980
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        7⤵
        
        PID:6152
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        7⤵
        
        PID:8252
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killMBR 1698520195
        6⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killMBR 1698520195
        7⤵
        
        PID:8700
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:9080
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        7⤵
        
        PID:3308
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:5224
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        6⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        7⤵
        
        PID:9948
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        6⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        7⤵
        
        PID:9872
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        6⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        7⤵
        
        PID:10604
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killMBR 1698520195
        6⤵
        
        PID:10812
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+08843.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
      4⤵
      PID:960
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:1640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+019125.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
        8⤵
        
        PID:6044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
        9⤵
        
        PID:6600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+528341.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1005.exe
        8⤵
        
        PID:6760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1005.exe 1698520195
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1005.exe 1698520195
        9⤵
        
        PID:3424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:11000
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3684
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:3956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+77853.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        8⤵
        
        PID:6420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        9⤵
        
        PID:7088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+73426.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        8⤵
        
        PID:6236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        9⤵
        
        PID:6548
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        7⤵
        
        PID:3392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:3376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+328827.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
        8⤵
        
        PID:3244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
        9⤵
        
        PID:6632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+123060.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe
        8⤵
        
        PID:6524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe 1698520195
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe 1698520195
        9⤵
        
        PID:7520
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        6⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        7⤵
        
        PID:4432
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:4948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+328305.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
        8⤵
        
        PID:4264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
        9⤵
        
        PID:7932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+72072.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        8⤵
        
        PID:8128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        9⤵
        
        PID:8120
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        7⤵
        
        PID:4292
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4540
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5264
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        6⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        7⤵
        
        PID:6608
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        7⤵
        
        PID:7552
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        7⤵
        
        PID:2804
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        7⤵
        
        PID:7644
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:4080
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        7⤵
        
        PID:8204
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:8392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        6⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        7⤵
        
        PID:9012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        6⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        7⤵
        
        PID:8836
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        7⤵
        
        PID:9356
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        6⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        7⤵
        
        PID:9876
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:9824
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        6⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        7⤵
        
        PID:10540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
        5⤵
        
        PID:2284
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+532487.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
        6⤵
        
        PID:5072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
        6⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
        7⤵
        
        PID:5184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        8⤵
        
        PID:7272
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        9⤵
        Kills process with taskkill
        
        PID:7672
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+36135.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        6⤵
        
        PID:5320
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        7⤵
        
        PID:5824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        8⤵
        
        PID:8048
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        9⤵
        
        PID:6436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+324352.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
      4⤵
      PID:2572
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
      4⤵
      Loads dropped DLL
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:1700
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+5242.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        8⤵
        
        PID:3948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        9⤵
        
        PID:4576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:4216
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:5880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+827122.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        8⤵
        
        PID:4720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        9⤵
        
        PID:4936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:4012
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        8⤵
        Executes dropped EXE
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810990.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        9⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        10⤵
        
        PID:4504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        11⤵
        
        PID:3816
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        12⤵
        
        PID:7372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+231049.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        9⤵
        
        PID:4996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        10⤵
        
        PID:5668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        11⤵
        
        PID:7820
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        12⤵
        
        PID:6524
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
        8⤵
        Executes dropped EXE
        
        PID:3028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        9⤵
        
        PID:5044
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        10⤵
        Kills process with taskkill
        
        PID:5224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        9⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        10⤵
        
        PID:8880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        9⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        10⤵
        
        PID:4896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        9⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        10⤵
        
        PID:5496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        9⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        10⤵
        
        PID:9592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        9⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        10⤵
        
        PID:10148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        10⤵
        
        PID:10088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe C:\windows\system32\taskmgr.exe
        9⤵
        
        PID:10416
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+120170.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:5432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:1200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8220
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:8596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+44780.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:6068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:2708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8928
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:9392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:2880
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:2432
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:1976
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+78899.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        8⤵
        
        PID:1740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        9⤵
        
        PID:5872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9064
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:8868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+512634.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        8⤵
        
        PID:5712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        9⤵
        
        PID:2412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9284
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:9604
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:2040
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1996
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+430396.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:2300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:2300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9408
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:9904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+420487.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:6148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:6636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10376
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:10984
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3532
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:3840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+429873.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:6240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:6868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+032267.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        8⤵
        
        PID:7000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        9⤵
        
        PID:3304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:3488
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:4036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+77331.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        8⤵
        
        PID:7116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        9⤵
        
        PID:4512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+215206.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        8⤵
        
        PID:1864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        9⤵
        
        PID:600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:4696
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5016
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:1368
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        7⤵
        
        PID:7416
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        7⤵
        
        PID:4912
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        7⤵
        
        PID:4676
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killMBR 1698520195
        6⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killMBR 1698520195
        7⤵
        
        PID:8384
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:8784
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        6⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        7⤵
        
        PID:3256
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:8628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        6⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /autoup 1698520195
        7⤵
        
        PID:9544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        6⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killwindows 1698520195
        7⤵
        
        PID:10080
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /KillHardDisk 1698520195
        7⤵
        
        PID:9884
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killMBR 1698520195
        6⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /killMBR 1698520195
        7⤵
        
        PID:10852
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+08843.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
      4⤵
      PID:1880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
      4⤵
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:2108
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+429873.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1004.exe
        8⤵
        
        PID:6204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1004.exe 1698520195
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1004.exe 1698520195
        9⤵
        
        PID:6844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:3048
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:10972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+032267.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
        8⤵
        
        PID:6984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
        9⤵
        
        PID:6784
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        7⤵
        
        PID:3868
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:3256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+77331.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        8⤵
        
        PID:1332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        9⤵
        
        PID:6220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+215206.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1002.exe
        8⤵
        
        PID:6664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1002.exe 1698520195
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1002.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1002.exe 1698520195
        9⤵
        
        PID:7176
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        7⤵
        
        PID:3656
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:4384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+76808.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        8⤵
        
        PID:600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        9⤵
        
        PID:6644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+826987.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1008.exe
        8⤵
        
        PID:7240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1008.exe 1698520195
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1008.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1008.exe 1698520195
        9⤵
        
        PID:4444
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        6⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
        7⤵
        
        PID:4812
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4984
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:3172
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        7⤵
        
        PID:3420
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        7⤵
        
        PID:7384
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        7⤵
        
        PID:8116
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        7⤵
        
        PID:8376
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        7⤵
        
        PID:8776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        7⤵
        
        PID:9184
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:8236
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        6⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /autoup 1698520195
        7⤵
        
        PID:9484
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        6⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killwindows 1698520195
        7⤵
        
        PID:10020
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        6⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /KillHardDisk 1698520195
        7⤵
        
        PID:9528
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        6⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /killMBR 1698520195
        7⤵
        
        PID:10704
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
        6⤵
        
        PID:10992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:2680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:2612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+324352.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
      4⤵
      PID:1716
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:1652
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810990.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        8⤵
        
        PID:4540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
        9⤵
        
        PID:3500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6892
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:6412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+231049.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        8⤵
        
        PID:4884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1032.exe 1698520195
        9⤵
        
        PID:5512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:7612
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:7924
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:2764
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:2412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+431441.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:5928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:5600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:1960
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:4652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+529695.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        8⤵
        
        PID:5740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        9⤵
        
        PID:5944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8260
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:8620
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:2288
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:1708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+531964.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        8⤵
        
        PID:5276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1035.exe 1698520195
        9⤵
        
        PID:5812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8040
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+917915.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe
        8⤵
        
        PID:5880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe 1698520195
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1039.exe 1698520195
        9⤵
        
        PID:5288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:2232
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:8336
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1828
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        Loads dropped DLL
        
        PID:2520
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:1160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+119647.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:4456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:6000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:5680
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:9456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+016561.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        8⤵
        
        PID:5312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        9⤵
        
        PID:5752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9368
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:9768
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:1928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:1932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+119647.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:5320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:2312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9476
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:9812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+016561.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        8⤵
        
        PID:5200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        9⤵
        
        PID:6288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9632
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:10112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        Loads dropped DLL
        
        PID:2456
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3128
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+78376.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        8⤵
        
        PID:2472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1037.exe 1698520195
        9⤵
        
        PID:6268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8524
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:10284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+124414.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:6388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:7024
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3508
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        Executes dropped EXE
        
        PID:3760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+429873.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:6180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:6648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10208
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+032267.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        8⤵
        
        PID:6860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1030.exe 1698520195
        9⤵
        
        PID:6824
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:4092
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:4060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+429350.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        8⤵
        
        PID:6880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
        9⤵
        
        PID:6564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+611280.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe
        8⤵
        
        PID:6816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe 1698520195
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1036.exe 1698520195
        9⤵
        
        PID:3988
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:4208
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
        7⤵
        
        PID:4624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+328827.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1033.exe
        8⤵
        
        PID:5040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1033.exe 1698520195
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1033.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1033.exe 1698520195
        9⤵
        
        PID:1456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+123060.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        8⤵
        
        PID:3576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
        9⤵
        
        PID:7908
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
        7⤵
        
        PID:5112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4244
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:4904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+08843.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
      4⤵
      PID:1968
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
      4⤵
      Loads dropped DLL
      PID:1088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:2676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+223830.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
      4⤵
      PID:2828
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
      4⤵
      Loads dropped DLL
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:1952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        7⤵
        
        PID:3108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+77331.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe
        8⤵
        
        PID:2536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe 1698520195
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe 1698520195
        9⤵
        
        PID:2496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+215206.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1022.exe
        8⤵
        
        PID:6944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1022.exe 1698520195
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1022.exe 1698520195
        9⤵
        
        PID:4556
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
        6⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
        7⤵
        
        PID:3568
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        7⤵
        
        PID:3596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+018079.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1020.exe
        8⤵
        
        PID:5880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1020.exe 1698520195
        8⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1020.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1020.exe 1698520195
        9⤵
        
        PID:6364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+719133.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe
        8⤵
        
        PID:3520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe 1698520195
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1027.exe 1698520195
        9⤵
        
        PID:7216
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
        6⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
        7⤵
        
        PID:4448
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4600
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:5036
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        7⤵
        
        PID:4880
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        6⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        7⤵
        
        PID:6184
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        7⤵
        
        PID:3840
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        6⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        7⤵
        
        PID:7400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        6⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        7⤵
        
        PID:7900
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        7⤵
        
        PID:4272
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:3856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        6⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        7⤵
        
        PID:4384
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        7⤵
        
        PID:8400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        6⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        7⤵
        
        PID:8792
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        6⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        7⤵
        
        PID:2352
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        7⤵
        
        PID:8972
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        6⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        7⤵
        
        PID:9516
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe C:\windows\system32\taskmgr.exe
        6⤵
        
        PID:9644
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        6⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        7⤵
        
        PID:9624
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        6⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        7⤵
        
        PID:10728
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe 1698520195
      4⤵
      PID:712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+620623.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe
      4⤵
      PID:1944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
    3⤵
    - Executes dropped EXE
    PID:2800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:2220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:2908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
      4⤵
      PID:1044
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+223830.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
      4⤵
      PID:2364
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe 1698520195
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe 1698520195
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
        6⤵
        
        PID:2792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+532487.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
        7⤵
        
        PID:4940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
        8⤵
        
        PID:5144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        9⤵
        
        PID:6820
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        10⤵
        Kills process with taskkill
        
        PID:7512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+36135.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        7⤵
        
        PID:5216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        8⤵
        
        PID:5780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        9⤵
        
        PID:3792
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        10⤵
        
        PID:4584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+620623.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe
      4⤵
      PID:1956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:444
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+223307.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
      4⤵
      PID:1012
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
      4⤵
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5424
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:5676
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        6⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        7⤵
        
        PID:9276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        6⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
        7⤵
        
        PID:9660
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        6⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /KillHardDisk 1698520195
        7⤵
        
        PID:8276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        6⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killMBR 1698520195
        7⤵
        
        PID:10352
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        6⤵
        
        PID:10548
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+232403.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
      4⤵
      PID:2912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:1184
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:2480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:2176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe 1698520195
      4⤵
      Loads dropped DLL
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe 1698520195
        5⤵
        Executes dropped EXE
        
        PID:2504
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe /protect 1698520195
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe /protect 1698520195
        7⤵
        
        PID:4340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe+018079.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1090.exe
        8⤵
        
        PID:6424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1090.exe 1698520195
        8⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1090.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1090.exe 1698520195
        9⤵
        
        PID:1264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe+719133.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1097.exe
        8⤵
        
        PID:6960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1097.exe 1698520195
        8⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1097.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1097.exe 1698520195
        9⤵
        
        PID:7420
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe /save 1698520195
        6⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe /save 1698520195
        7⤵
        
        PID:4804
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5008
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:840
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe /autoup 1698520195
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe /autoup 1698520195
        7⤵
        
        PID:10624
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe /killwindows 1698520195
        6⤵
        
        PID:10872
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
      4⤵
      PID:1720
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+528476.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
      4⤵
      Executes dropped EXE
      PID:2788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+912558.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
      4⤵
      PID:2672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:1364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:840
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+811513.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
      4⤵
      PID:3492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
      4⤵
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
        5⤵
        
        PID:3972
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6788
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:7148
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+719269.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe
      4⤵
      PID:4068
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe 1698520195
      4⤵
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe 1698520195
        5⤵
        
        PID:2244
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:2464
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:5560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:1940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:1480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:2112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:2260
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+89422.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
      4⤵
      PID:5136
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
        5⤵
        
        PID:5640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4780
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:8320
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+9854.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
      4⤵
      PID:5712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe 1698520195
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe 1698520195
        5⤵
        
        PID:240
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8732
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    - Loads dropped DLL
    PID:712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe 1698520195
      4⤵
      Executes dropped EXE
      PID:2556
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:2160
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:5256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:1036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:2084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+119647.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe
      4⤵
      PID:5392
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe 1698520195
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe 1698520195
        5⤵
        
        PID:6048
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5060
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+016561.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
      4⤵
      PID:2360
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
        5⤵
        
        PID:2128
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9996
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:4732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  - Loads dropped DLL
  PID:2008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:1704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:1360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:1044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:3112
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+119647.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe
      4⤵
      PID:5304
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe 1698520195
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe 1698520195
        5⤵
        
        PID:2404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8268
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:9376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+016561.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
      4⤵
      PID:2528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
        5⤵
        
        PID:6368
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9864
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:8904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
    3⤵
    - Executes dropped EXE
    PID:1536
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        5⤵
        
        PID:3160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+429350.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1024.exe
        6⤵
        
        PID:6692
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1024.exe 1698520195
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1024.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1024.exe 1698520195
        7⤵
        
        PID:5412
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+611280.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1026.exe
        6⤵
        
        PID:7112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1026.exe 1698520195
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1026.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1026.exe 1698520195
        7⤵
        
        PID:3740
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
        5⤵
        
        PID:4072
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
      4⤵
      Loads dropped DLL
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /protect 1698520195
        5⤵
        
        PID:4276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+328827.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1023.exe
        6⤵
        
        PID:6460
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1023.exe 1698520195
        6⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1023.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1023.exe 1698520195
        7⤵
        
        PID:1796
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe+123060.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1021.exe
        6⤵
        
        PID:4056
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1021.exe 1698520195
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1021.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1021.exe 1698520195
        7⤵
        
        PID:7544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /save 1698520195
        5⤵
        
        PID:4704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:4968
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:4088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
      4⤵
      PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /autoup 1698520195
        5⤵
        
        PID:10564
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe /killwindows 1698520195
      4⤵
      PID:10768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:1224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:3168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:3264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  - Executes dropped EXE
  PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:5768
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      PID:5984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe /autoup 1698520195
    3⤵
    PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe /autoup 1698520195
      4⤵
      PID:10140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe /killwindows 1698520195
    3⤵
    PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe /killwindows 1698520195
      4⤵
      PID:10712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d106.exe /KillHardDisk 1698520195
    3⤵
    PID:11008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:3360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:3516
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+429873.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d104.exe
      4⤵
      PID:6064
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d104.exe 1698520195
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d104.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d104.exe 1698520195
        5⤵
        
        PID:6716
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9860
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:10452
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+032267.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
      4⤵
      PID:6912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
        5⤵
        
        PID:6876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:3784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:3884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:4076
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+77331.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe
      4⤵
      PID:6960
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe 1698520195
      4⤵
      PID:112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d107.exe 1698520195
        5⤵
        
        PID:6672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+215206.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
      4⤵
      PID:1476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
      4⤵
      PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
        5⤵
        
        PID:6944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:3172
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:3888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
  2⤵
  PID:3292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
    3⤵
    PID:4192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+328827.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
      4⤵
      PID:6800
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe 1698520195
        5⤵
        
        PID:5544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+123060.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe
      4⤵
      PID:3996
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe 1698520195
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d101.exe 1698520195
        5⤵
        
        PID:7916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
  2⤵
  PID:4288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
    3⤵
    PID:4592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4732
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /autoup 1698520195
  2⤵
  PID:10028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /autoup 1698520195
    3⤵
    PID:9308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /killwindows 1698520195
  2⤵
  PID:5988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /killwindows 1698520195
    3⤵
    PID:10612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /KillHardDisk 1698520195
  2⤵
  PID:10840

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe 1698520195
1⤵
- Executes dropped EXE
PID:1668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
  2⤵
  PID:3228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
    3⤵
    - Executes dropped EXE
    PID:3416
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+019125.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
      4⤵
      PID:600
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
        5⤵
        
        PID:6328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9712
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:10180
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+528341.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1005.exe
      4⤵
      PID:6436
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1005.exe 1698520195
      4⤵
      PID:6768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
  2⤵
  PID:3480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
    3⤵
    - Executes dropped EXE
    PID:3640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
  2⤵
  PID:3752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
    3⤵
    PID:3984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+77853.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
      4⤵
      PID:6448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        5⤵
        
        PID:7156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:10384
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:10892
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+73426.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
      4⤵
      PID:6276
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
      4⤵
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1007.exe 1698520195
        5⤵
        
        PID:7004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
  2⤵
  PID:4084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
    3⤵
    PID:3552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
  2⤵
  PID:3504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
    3⤵
    PID:3928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+328827.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
      4⤵
      PID:6608
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
        5⤵
        
        PID:3624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+123060.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe
      4⤵
      PID:1548
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe 1698520195
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1001.exe 1698520195
        5⤵
        
        PID:7360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
  2⤵
  PID:3500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
    3⤵
    PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
  2⤵
  PID:4472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /protect 1698520195
    3⤵
    PID:4776
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+017556.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
      4⤵
      PID:1524
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1000.exe 1698520195
        5⤵
        
        PID:7560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe+330913.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
      4⤵
      PID:7876
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1003.exe 1698520195
        5⤵
        
        PID:7304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
  2⤵
  PID:4992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe /save 1698520195
    3⤵
    PID:4040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4324
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:5176

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
1⤵
PID:1744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+5764.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
  2⤵
  PID:3256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
  2⤵
  PID:3500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
    3⤵
    - Executes dropped EXE
    PID:3648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:5928
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+215342.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
  2⤵
  PID:3776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
  2⤵
  PID:4032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe 1698520195
    3⤵
    PID:3452
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:7140
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:4364

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\ResetPing.mht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2372
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2560

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
1⤵
PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+5242.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
  2⤵
  PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
  2⤵
  PID:4148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
    3⤵
    PID:4376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:440
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+827122.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
  2⤵
  PID:4528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
  2⤵
  PID:5024
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
    3⤵
    PID:4144
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:3560
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6192

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
1⤵
- Executes dropped EXE
PID:2052

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "611966646-928196432793322680-1351728870-543800738-6408087982125485381235321678"
1⤵
- Loads dropped DLL
PID:2236

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+89945.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
  2⤵
  PID:5436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
  2⤵
  PID:5752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
    3⤵
    PID:5956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:8176
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:3928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+421841.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
  2⤵
  PID:6048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
  2⤵
  PID:5372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1034.exe 1698520195
    3⤵
    PID:5400
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:8184
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:3480

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /protect 1698520195
1⤵
PID:1912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+89422.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
  2⤵
  PID:6004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
  2⤵
  PID:5312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d108.exe 1698520195
    3⤵
    PID:5684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:4396
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:8284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe+9854.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe 1698520195
  2⤵
  PID:5752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d109.exe 1698520195
    3⤵
    PID:5352
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:8488
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:8768

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
1⤵
PID:2788

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12124308914779836251518436044-18605338091528990046-616294625-6310797541810166250"
1⤵
PID:2972

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "147938034813169151563554457908202833589554644349465564582007513135-48322433"
1⤵
- Loads dropped DLL
PID:900
- C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
  2⤵
  - Executes dropped EXE
  PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810467.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
    3⤵
    PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
    3⤵
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
      4⤵
      PID:5248
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:7348
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:7892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810061.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
    3⤵
    PID:5380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
      4⤵
      PID:5864
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:4064
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:4084

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
1⤵
- Executes dropped EXE
PID:848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+120693.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
  2⤵
  PID:5688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
  2⤵
  PID:5948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1031.exe 1698520195
    3⤵
    PID:6132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:4940
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+825768.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
  2⤵
  PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
  2⤵
  PID:5412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
    3⤵
    PID:5936
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:3444
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:8512

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1448

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe 1698520195
1⤵
- Executes dropped EXE
PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4896
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:5232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /autoup 1698520195
  2⤵
  PID:8548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /autoup 1698520195
    3⤵
    PID:8804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /killwindows 1698520195
  2⤵
  PID:8928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /killwindows 1698520195
    3⤵
    PID:5500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /KillHardDisk 1698520195
  2⤵
  PID:8396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /KillHardDisk 1698520195
    3⤵
    PID:9040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /killMBR 1698520195
  2⤵
  PID:9268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /killMBR 1698520195
    3⤵
    PID:9532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /protect 1698520195
  2⤵
  PID:9652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /protect 1698520195
    3⤵
    PID:10072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /autoup 1698520195
  2⤵
  PID:8632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe /autoup 1698520195
    3⤵
    PID:4328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d105.exe C:\windows\system32\taskmgr.exe
  2⤵
  PID:10368

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
1⤵
- Executes dropped EXE
PID:2364

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /save 1698520195
1⤵
- Executes dropped EXE
PID:2828

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1126718612-131041808-1151398663-8061300821234787303-890859378-1936498626-283202297"
1⤵
PID:2288

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "90262559-1017546303-2141431069-1450778917-11357437211947070736-1447072771-1184114106"
1⤵
- Loads dropped DLL
PID:2532

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8006238701040971718-970426597-5318708951035093348-1754013146941552769-1756039373"
1⤵
PID:1480

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1850002195-18260342751747644448-1159959751079859707-7448458861238712916744318246"
1⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe /protect 1698520195
1⤵
- Executes dropped EXE
PID:1880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810467.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
  2⤵
  PID:4512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
  2⤵
  PID:5344
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
    3⤵
    PID:5616
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:7704
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:5364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe+810061.txt C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
  2⤵
  PID:5724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
  2⤵
  PID:5964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d1038.exe 1698520195
    3⤵
    PID:4148
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:7240
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:4928

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
1⤵
PID:1816

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1870548323-1443753410259265353-1009070219868603485-185744310212461584292130180591"
1⤵
- Loads dropped DLL
PID:2040

C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d10.exe /save 1698520195
1⤵
PID:3024

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1036221602-334596770772426013-1142475619-8835868391031510846-18726374811978855845"
1⤵
PID:1240

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1923885264-74979014-2280373411270530181231239283-780902654346462342-2030168757"
1⤵
PID:1704

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2325702742832417251121459655-9715861075331337051939254449-1821936870-222464666"
1⤵
PID:3360

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "186183105585590701312490762981474553162-1253457046-4203331761417824956221913458"
1⤵
PID:3368

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1905574331-13692669861493021010862123746-393400241-1043684895-539597592140043613"
1⤵
PID:3628

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1163307592-1059061225-276173605406427281774939678-9204526932005300374226918128"
1⤵
PID:3180

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1315323026-1848074144178268273-612581459980247956-10578655561495830928-595348130"
1⤵
PID:3168

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16559227181330562651335113966-930953567-167834214-1889087644-1160942935-307748802"
1⤵
PID:3484

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\ResetPing.mht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3292 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:5552

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1842826230-1781675805-11689169391967133427-1298396241579249719-1855314268-984450640"
1⤵
PID:5436

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1341807420-16896186301991130326-2077514972700839013525685850-13096271425876191"
1⤵
PID:5372

C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
1⤵
PID:4992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-371383013-26987017058618549211384870971684933926-1636396774-670770954425216179"
1⤵
PID:5644

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1806398446-1165244913-173048614-414427790-803887896-1267349798-962240085-706033025"
1⤵
PID:5556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3469165442104641685-307058803-136877337018485724529128560-17322086441843035286"
1⤵
PID:5416

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-920040506-516352296-155277487219547425321553739600302992348630853731-2074186618"
1⤵
PID:5312

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2129092705-553815637158324644-299398084209570316415325716901579773832280233204"
1⤵
PID:2360

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "630804659-737043222-1235058861-664134092-4956025301282778544-1631591042846603775"
1⤵
PID:5200

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1135899611417220379415882819-5838025371547879726201434992413627190051994699755"
1⤵
PID:5736

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-582697898451938099-139670833-1888686645-857340524-1085089684364327891340364888"
1⤵
PID:5304

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1426144415-1201282431225709306-772734288622804094-843977051-1673223393-1564073059"
1⤵
PID:6472

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1758673803-2128470247174350367-1015663976-2122612748100377853233002432652707396"
1⤵
PID:6504

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20830091821207448477554234493-9160344571137573547-931573540-1589141225-1253598495"
1⤵
PID:6768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1901233072-295470560113041165114624945241489793133-394624294-13948047091518516473"
1⤵
PID:6728

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1309104901-445171423-934468963-245810365-827630532640614882-129773735283112614"
1⤵
PID:6760

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-561078567-6578795681095637660-4138945111609629443-980912238-116321988-443355977"
1⤵
PID:6860

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1551930725775281150-2349699361902931528-266019889-1235266767113218117270512637"
1⤵
PID:6912

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1218657829289821732291204257-1346509323-72806513219200992981316803505-178128025"
1⤵
PID:2536

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-299602709-2078630513-5286033514470239-20637756121496883828175649428-1207737461"
1⤵
PID:6164

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1007974561970032908-1522090818-693423197716399547230237555-847510939-1704621987"
1⤵
PID:112

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2139388971252220578-527251468-19932644786022307311407186841890338762-642000199"
1⤵
PID:6448

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-619188534-1589433647-382335072-1020214090171055124014579815751429934486543474068"
1⤵
PID:6456

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1637419116-16342096862123663698-19362254841816620192-1458242662-1202434322-107841697"
1⤵
PID:5040

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1003879441-1127574486-287704778-84948816410293248198107327820790451601920166777"
1⤵
PID:3412

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1500346477999523513-14264714391242505835939789961540370582119402923-279598653"
1⤵
PID:6664

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1055025957-8484852141006852329-1340170586-7637421071612884891-1344818203-38078561"
1⤵
PID:3428

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-811442895-1700066748-19333176154585779021838078420520592700-603548671286998062"
1⤵
PID:6684

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18602281174666055-20597117171924004133-1096129748771676339345714331830788813"
1⤵
PID:5264

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "57453969-1140484590857357840-330713292-247569992-532927661-748009384-986496508"
1⤵
PID:4264

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-178132101220215098331511280612-2125008242-147506202413229930011256481105-1923061596"
1⤵
PID:2120

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13882901841952488282-805615326-1177938077-130191895-409184731-1665760363-1354306252"
1⤵
PID:9168

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-24623625317417046321235066970-18142828951593107020143699091116937133866593296"
1⤵
PID:10052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\08843.txt

Filesize
5B

MD5
c273330bffbf9a2367a2618a3696cf7e

SHA1
97ffc88426a0f56170d192dae87124c5e4962f16

SHA256
7da3052327e32adffe46d5614e8e0a83a0d92054148b15e3ff711d0b5e45178e

SHA512
25d376bb1d7f88b39b6808cf8cb38e399a0c202faec2d49a56b1e45caeb8f45fd1b695929212a419a49474f6e2fde71745981ee7852966dadb3f257e87d633fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\08843.txt

Filesize
5B

MD5
c273330bffbf9a2367a2618a3696cf7e

SHA1
97ffc88426a0f56170d192dae87124c5e4962f16

SHA256
7da3052327e32adffe46d5614e8e0a83a0d92054148b15e3ff711d0b5e45178e

SHA512
25d376bb1d7f88b39b6808cf8cb38e399a0c202faec2d49a56b1e45caeb8f45fd1b695929212a419a49474f6e2fde71745981ee7852966dadb3f257e87d633fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\08843.txt

Filesize
5B

MD5
c273330bffbf9a2367a2618a3696cf7e

SHA1
97ffc88426a0f56170d192dae87124c5e4962f16

SHA256
7da3052327e32adffe46d5614e8e0a83a0d92054148b15e3ff711d0b5e45178e

SHA512
25d376bb1d7f88b39b6808cf8cb38e399a0c202faec2d49a56b1e45caeb8f45fd1b695929212a419a49474f6e2fde71745981ee7852966dadb3f257e87d633fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\123060.txt

Filesize
4B

MD5
41d80bfc327ef980528426fc810a6d7a

SHA1
017f521f42d04b1e00374e9cd9ffd2cf0408d372

SHA256
eda86cee916d58eafc40fcfb3a1723fa0b02fe52b00ac8eb044e41d563706c24

SHA512
3a08e04ba7d2fecea8dfc6abafc2d26a8f7deefa8c0a7b4781d6cebd98d68fac2b8e310718647adfac57d189fceae82ad8a4a6c3a119012782d2b2f43e1b55ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\144864.bat

Filesize
112B

MD5
fb7acb159438f21beb8ef0a43ab1c462

SHA1
0e76c20c485c9fce26a1874199c6244ebb59a2bb

SHA256
699e5df74f084726f9e367663b0aa7dd88e485a33216efa72468d057c05ae77c

SHA512
a0b4e8e93320afc11f188aa244524ae86636734d9c9a9a417fe68fc0d67612714eb32a58a73bca452b28c67d05aa2a09cf1168f3e9042198dfa92a9e325cc19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\18658.bat

Filesize
84B

MD5
618eef8c5c0f7f1cb5d3b030136012e9

SHA1
07be27941da96cc1013191b3a65dd3623918e607

SHA256
4f212aa9d93a4c51c2eed8bf6f5edf9734d7353eef996f35be417d9e4a3391f3

SHA512
e60e6e84e0ef311c21082abf7cd500496550c5a4fcb617ed33458ccab84ffd29c09eca325142d649aa1e0e46bf1eed985be91003102d86964e8549ecce199ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\223830.txt

Filesize
5B

MD5
a0057a00b18bd48ac8c56bce68e483d7

SHA1
e8d1e34af0cc1fc77bd9e9ecdbf6bcdfa611c0b1

SHA256
f5fc759ea06b620054c2032060c69e237690269e433b57b0e133146c8d36a7c8

SHA512
cd45acd3fd660618bc63b6e01804ba4bbf15f70fe96120a3415bed6ebf495f5a3e790f9b21981741d2503b31328ffb7780cf57f1227ef0ef53a83dc79812120a

Download Submit
C:\Users\Admin\AppData\Local\Temp\223830.txt

Filesize
5B

MD5
a0057a00b18bd48ac8c56bce68e483d7

SHA1
e8d1e34af0cc1fc77bd9e9ecdbf6bcdfa611c0b1

SHA256
f5fc759ea06b620054c2032060c69e237690269e433b57b0e133146c8d36a7c8

SHA512
cd45acd3fd660618bc63b6e01804ba4bbf15f70fe96120a3415bed6ebf495f5a3e790f9b21981741d2503b31328ffb7780cf57f1227ef0ef53a83dc79812120a

Download Submit
C:\Users\Admin\AppData\Local\Temp\24248.bat

Filesize
124B

MD5
6a08545ef228a61b1eddfb4586e82f0a

SHA1
fd859407e48e4da28c0dd2a071bec9862c249986

SHA256
5e9937d50111bbb9445d0043d07cbf73516cbb9c20dcc3b9e5d90929d6f38f63

SHA512
4a7a8e01dace80257aff6342641e794f2693a271eda98e2bffa115190532fb46b34b1cae3460ebad661936cb35e2f1bc5657a44a52fb2c7764aecfc5f1eb66c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\324352.txt

Filesize
4B

MD5
eb7cdec4751eb3b3fd24908c6bdb1c17

SHA1
8cdaa20d71b1db65e210fe0d1a3279d0121b23ed

SHA256
527fda157ed08742794c92723cefea8b8be7b1dc600b5d2ed190b138fea39cea

SHA512
cabeb08245300858f83916de222b898e5e3dfd082a88b9b5754ff71784bfcae8d2883c00e9c0e7c82e4ab351aeffd24803d283ec673c80b631a7327bfa2698bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\324352.txt

Filesize
4B

MD5
eb7cdec4751eb3b3fd24908c6bdb1c17

SHA1
8cdaa20d71b1db65e210fe0d1a3279d0121b23ed

SHA256
527fda157ed08742794c92723cefea8b8be7b1dc600b5d2ed190b138fea39cea

SHA512
cabeb08245300858f83916de222b898e5e3dfd082a88b9b5754ff71784bfcae8d2883c00e9c0e7c82e4ab351aeffd24803d283ec673c80b631a7327bfa2698bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\328827.txt

Filesize
5B

MD5
d3989fd6bcf000eeba6633fa4c003b6b

SHA1
5e978a661274544f303d5e9e3f0aadfb433f3188

SHA256
5896935fd3cb0b313ee165101aef90c084817898a40841989a772e0deba81010

SHA512
5040de177170fba7727e725dd04d7a7a80f8257f257a0cfd487fb56ee6ceeb8b5210dfa06e1dde183fbe4d810b2c49d22ee204ac38d38c80c2903012f353bd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\60935.bat

Filesize
111B

MD5
65b9c1f216bbb1ff340b1a2bc0133a85

SHA1
0bccfd47a894a196b866cae2fea4511d9bfd0f6c

SHA256
72c18413be104593acb7f3eb52988b4b876acd399f93a9349369b7fab4f676f0

SHA512
1a768bdc18b183352e6df489c7b2920f04a705958f3e3a80f7c799e5a8dcd70e83319c595dd82c54f273536ff7d44e767ccab2812393c97dbc81475adc016d9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\620623.txt

Filesize
5B

MD5
f2b4053221961416d47d497814a8064f

SHA1
aa8d479d205816318e4e909060766eb5e777448d

SHA256
8a07001667ede8247df09cb2e2869308614be2c92832377b5deb13777dcb27a1

SHA512
e0f643d1be65ae96dbc497d21e2866dc567e74cd15aea34adf8a1c76a865770746453dbdab35c271f6e8334afbdc90726bc455fca2758e118f8dc17b4be3f94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\620623.txt

Filesize
5B

MD5
f2b4053221961416d47d497814a8064f

SHA1
aa8d479d205816318e4e909060766eb5e777448d

SHA256
8a07001667ede8247df09cb2e2869308614be2c92832377b5deb13777dcb27a1

SHA512
e0f643d1be65ae96dbc497d21e2866dc567e74cd15aea34adf8a1c76a865770746453dbdab35c271f6e8334afbdc90726bc455fca2758e118f8dc17b4be3f94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\63816.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\63816.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\80661.bat

Filesize
124B

MD5
7d029768c05119a229556aa934d69820

SHA1
33e3155248878015c3b02e0ccd04f9485b16d4ad

SHA256
96cbf8bcc32dcdd42d5bcdf3ced3bdeea8cd691be00f93c62bf194341a5ed6d0

SHA512
e3f4fe7075c6dba882ff00eb47bf800181a427b7883b5709bb8f53a4afcd31aaf1c34fb674498fac616439767e166ff8229b3e39e04884aed4c82e7f2a5bf041

Download Submit
C:\Users\Admin\AppData\Local\Temp\912558.txt

Filesize
5B

MD5
4b0cb9685dd1da13cd7d85b3e4de824f

SHA1
9250dd96550c0cbb221cf19251d0096644676cd6

SHA256
d3109358c740513fcda796709ffc47aca519594c50e0eeb686beab35d9e77361

SHA512
3615b75583b1bd787bc378f8e6c0c271f28763b968b52a2a671be9267c6fa00680c92358cc51240572b5f79b42f05ffaa48b16881d767088fe502c18fcc79f0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\98400.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d100.exe

Filesize
3.0MB

MD5
9ac585b043102173b8618c12768d7883

SHA1
3d34afb7c54d9761da0f74288ef25f989a85ebb6

SHA256
0f06145a2697082c0670843bea4307761d6d8b794383ca64a9262df1b8720be8

SHA512
8b8d0df1b5ead52574b44cb6d2062f22f0757efaa7586a091d6f6b281f41fd31d440d0486a3de6b76de6351e5cd3d7784ca9525cfc19845cb8582fc2225bca4b

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d102.exe

Filesize
3.0MB

MD5
1ef5aadc44d8a8838417433551e5f3fa

SHA1
253bf8adcc77198ab0a1387e84ec2a9c31506a11

SHA256
62e8bf1bd16e983538648b93ec4aa41593d44f968e4cca7a728fff33461e53c7

SHA512
92fc9c98fdf88fb4ed3abe6ee9d420661f1ee0b8062e771788f79ffb8bde5e2febc43c90b804174bbc7de1e4e7d401d08523e6041dc1a507e41872cff6f4a242

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.17d4d31580768282ff68a3b744546d103.exe

Filesize
3.0MB

MD5
308a72b513630171c54a129de5bb09b4

SHA1
b59ce439e3a3b5a1ccd49a2ccae59666cd8744f4

SHA256
dd47eb90ae94cf77cfc71d787342b3bd75fe61ff6c581242da10ea2e932fed57

SHA512
746a3254caf24ff14ad975c59692e737e6e95e96157c33a65b064f42d6ea7ceec3ee31a39b4deb6079775dd8895f45555fa112b09a4877f44980acdaccf68eb1

Download Submit
memory/444-99-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/524-107-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/696-106-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/836-113-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/840-130-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1364-131-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1536-142-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1640-120-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1652-112-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1668-123-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1700-111-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1744-122-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1744-125-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1816-169-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1880-198-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1940-141-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1952-143-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2036-144-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2052-146-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2108-132-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2176-97-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2208-145-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2208-166-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2220-105-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2284-204-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2416-176-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2416-199-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2480-108-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2504-152-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2584-104-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2588-148-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2588-195-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2612-45-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2620-57-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2644-46-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2676-94-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2680-103-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2732-102-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2748-150-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2748-170-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2792-203-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2888-101-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2900-156-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2908-98-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3024-147-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download