ce9328a36db3b27289cd03fe3daf25b2a41723f1ecac5866097165c85f5c77f9

Analysis

max time kernel
3s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Size

3.0MB
MD5

2ebddcbd78e6d2a3d954b9df55e441a0
SHA1

01673010b5039825cbb1885dae57728234d1e853
SHA256

ce9328a36db3b27289cd03fe3daf25b2a41723f1ecac5866097165c85f5c77f9
SHA512

e48e7fc9f33f38e8c4c998cc44b127d123646263a981cf226925b1d732c2fd6cd4e0b9f13bd4e19fbb285cf1aacf7a7e021f5f7d340c63b753fae83da942fc67
SSDEEP

49152:j495UciMmq/NhjX5p3JOCdLAweZnE5c965nqqIP2ItdZ:jk5LhzACdLAlnE5co5nqqIP2ItdZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4756	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
4344	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
4692	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
4212	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
4972	NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe
3008	NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
3020	taskkill.exe

Modifies file permissions 1 TTPs 14 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
10812	takeown.exe
9220	takeown.exe
11060	takeown.exe
6856	takeown.exe
1604	takeown.exe
7952	takeown.exe
10544	takeown.exe
7280	takeown.exe
10460	takeown.exe
6324	takeown.exe
11296	takeown.exe
9200	takeown.exe
5196	takeown.exe
2880	takeown.exe

Kills process with taskkill 39 IoCs

evasion

pid	Process
7524	taskkill.exe
836	taskkill.exe
8312	taskkill.exe
4680	taskkill.exe
9788	taskkill.exe
9384	taskkill.exe
9228	taskkill.exe
6328	taskkill.exe
9744	taskkill.exe
9736	taskkill.exe
6276	taskkill.exe
4688	taskkill.exe
11068	taskkill.exe
6432	taskkill.exe
2744	taskkill.exe
9804	taskkill.exe
3324	taskkill.exe
9728	taskkill.exe
9720	taskkill.exe
8692	taskkill.exe
8520	taskkill.exe
3724	taskkill.exe
8584	taskkill.exe
2132	taskkill.exe
4708	taskkill.exe
9760	taskkill.exe
3992	taskkill.exe
6528	taskkill.exe
9596	taskkill.exe
9752	taskkill.exe
4076	taskkill.exe
5976	taskkill.exe
3020	taskkill.exe
5864	taskkill.exe
8592	taskkill.exe
3772	taskkill.exe
3692	taskkill.exe
5644	taskkill.exe
8096	taskkill.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeAssignPrimaryTokenPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeLockMemoryPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeIncreaseQuotaPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeMachineAccountPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeTcbPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSecurityPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeTakeOwnershipPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeLoadDriverPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSystemProfilePrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSystemtimePrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeProfSingleProcessPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeIncBasePriorityPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeCreatePagefilePrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeCreatePermanentPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeBackupPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeRestorePrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeShutdownPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeDebugPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeAuditPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSystemEnvironmentPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeChangeNotifyPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeRemoteShutdownPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeUndockPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSyncAgentPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeEnableDelegationPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeManageVolumePrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeImpersonatePrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeCreateGlobalPrivilege	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: 31	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: 32	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: 33	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: 34	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: 35	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeCreateTokenPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeAssignPrimaryTokenPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeLockMemoryPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeIncreaseQuotaPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeMachineAccountPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeTcbPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSecurityPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeTakeOwnershipPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeLoadDriverPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSystemProfilePrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSystemtimePrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeProfSingleProcessPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeIncBasePriorityPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeCreatePagefilePrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeCreatePermanentPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeBackupPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeRestorePrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeShutdownPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeDebugPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeAuditPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSystemEnvironmentPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeChangeNotifyPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeRemoteShutdownPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeUndockPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeSyncAgentPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeEnableDelegationPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeManageVolumePrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeImpersonatePrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: SeCreateGlobalPrivilege	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
Token: 31	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 4708	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	87
PID 2716 wrote to memory of 4708	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	87
PID 4708 wrote to memory of 788	4708	cmd.exe	88
PID 4708 wrote to memory of 788	4708	cmd.exe	88
PID 2716 wrote to memory of 948	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	90
PID 2716 wrote to memory of 948	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	90
PID 948 wrote to memory of 5032	948	cmd.exe	91
PID 948 wrote to memory of 5032	948	cmd.exe	91
PID 2716 wrote to memory of 2960	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	136
PID 2716 wrote to memory of 2960	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	136
PID 788 wrote to memory of 3744	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	93
PID 788 wrote to memory of 3744	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	93
PID 2960 wrote to memory of 4820	2960	NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe	95
PID 2960 wrote to memory of 4820	2960	NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe	95
PID 2716 wrote to memory of 3540	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	97
PID 2716 wrote to memory of 3540	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	97
PID 788 wrote to memory of 1676	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	98
PID 788 wrote to memory of 1676	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	98
PID 3540 wrote to memory of 548	3540	cmd.exe	99
PID 3540 wrote to memory of 548	3540	cmd.exe	99
PID 4820 wrote to memory of 4548	4820	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	100
PID 4820 wrote to memory of 4548	4820	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	100
PID 1676 wrote to memory of 4756	1676	cmd.exe	102
PID 1676 wrote to memory of 4756	1676	cmd.exe	102
PID 788 wrote to memory of 3792	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	107
PID 788 wrote to memory of 3792	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	107
PID 2716 wrote to memory of 1528	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	108
PID 2716 wrote to memory of 1528	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	108
PID 1528 wrote to memory of 4768	1528	cmd.exe	109
PID 1528 wrote to memory of 4768	1528	cmd.exe	109
PID 2716 wrote to memory of 5028	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	111
PID 2716 wrote to memory of 5028	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	111
PID 4756 wrote to memory of 1016	4756	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	112
PID 4756 wrote to memory of 1016	4756	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	112
PID 4820 wrote to memory of 3392	4820	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	113
PID 4820 wrote to memory of 3392	4820	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	113
PID 1016 wrote to memory of 4344	1016	cmd.exe	114
PID 1016 wrote to memory of 4344	1016	cmd.exe	114
PID 4756 wrote to memory of 4928	4756	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	116
PID 4756 wrote to memory of 4928	4756	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	116
PID 4768 wrote to memory of 3048	4768	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	115
PID 4768 wrote to memory of 3048	4768	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	115
PID 3392 wrote to memory of 4692	3392	cmd.exe	157
PID 3392 wrote to memory of 4692	3392	cmd.exe	157
PID 4928 wrote to memory of 4212	4928	cmd.exe	156
PID 4928 wrote to memory of 4212	4928	cmd.exe	156
PID 4608 wrote to memory of 4672	4608	msedge.exe	131
PID 4608 wrote to memory of 4672	4608	msedge.exe	131
PID 212 wrote to memory of 2456	212	msedge.exe	129
PID 212 wrote to memory of 2456	212	msedge.exe	129
PID 4756 wrote to memory of 2336	4756	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	120
PID 4756 wrote to memory of 2336	4756	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	120
PID 4820 wrote to memory of 1660	4820	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	128
PID 4820 wrote to memory of 1660	4820	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	128
PID 5028 wrote to memory of 3912	5028	cmd.exe	121
PID 5028 wrote to memory of 3912	5028	cmd.exe	121
PID 4344 wrote to memory of 3464	4344	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	126
PID 4344 wrote to memory of 3464	4344	NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe	126
PID 2716 wrote to memory of 2036	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	125
PID 2716 wrote to memory of 2036	2716	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	125
PID 788 wrote to memory of 4604	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	123
PID 788 wrote to memory of 4604	788	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	123
PID 4768 wrote to memory of 3816	4768	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	122
PID 4768 wrote to memory of 3816	4768	NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe	122

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+118038.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
      4⤵
      PID:3744
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe 1698522237
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe 1698522237
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+428787.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
        8⤵
        
        PID:3464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe 1698522237
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe 1698522237
        9⤵
        
        PID:4940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /protect 1698522237
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /protect 1698522237
        11⤵
        
        PID:5408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe+224604.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe
        12⤵
        
        PID:8536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe+631697.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0146.exe
        12⤵
        
        PID:7952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0146.exe 1698522237
        12⤵
        
        PID:8124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:5464
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:6528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /killwindows 1698522237
        10⤵
        
        PID:10568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /KillHardDisk 1698522237
        10⤵
        
        PID:6712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /autoup 1698522237
        10⤵
        
        PID:6528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /save 1698522237
        10⤵
        
        PID:4600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+22992.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe
        8⤵
        
        PID:4604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe 1698522237
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe 1698522237
        9⤵
        
        PID:5516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /protect 1698522237
        10⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /protect 1698522237
        11⤵
        
        PID:6844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe 1698522237
        12⤵
        
        PID:6440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe+5284.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe
        12⤵
        
        PID:3836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe 1698522237
        12⤵
        
        PID:8200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe+64153.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe
        12⤵
        
        PID:7508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /save 1698522237
        10⤵
        
        PID:7580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /autoup 1698522237
        10⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /autoup 1698522237
        11⤵
        
        PID:5628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /killwindows 1698522237
        10⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /killwindows 1698522237
        11⤵
        
        PID:12112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /KillHardDisk 1698522237
        10⤵
        
        PID:10768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8896
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        7⤵
        Executes dropped EXE
        
        PID:4212
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        7⤵
        
        PID:3020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+016993.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a010.exe
        8⤵
        
        PID:5356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a010.exe 1698522237
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a010.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a010.exe 1698522237
        9⤵
        
        PID:6748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6460
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:4688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+722626.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
        8⤵
        
        PID:7020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe 1698522237
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe 1698522237
        9⤵
        
        PID:7432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8660
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        8⤵
        
        PID:2440
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        7⤵
        
        PID:5840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+74676.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
        8⤵
        
        PID:7000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+921271.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a019.exe
        8⤵
        
        PID:8324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a019.exe 1698522237
        8⤵
        
        PID:6928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe 1698522237
        8⤵
        
        PID:7572
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        7⤵
        
        PID:5540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7768
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:8592
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /KillHardDisk 1698522237
        6⤵
        
        PID:5952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /killMBR 1698522237
        6⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /killMBR 1698522237
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0146.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0146.exe /autoup 1698522237
        7⤵
        
        PID:12172
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        7⤵
        
        PID:11588
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /autoup 1698522237
        6⤵
        
        PID:9588
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /killwindows 1698522237
        6⤵
        
        PID:10184
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /autoup 1698522237
        6⤵
        
        PID:5944
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+531833.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
      4⤵
      PID:3792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe 1698522237
      4⤵
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe 1698522237
        5⤵
        Executes dropped EXE
        
        PID:3008
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        7⤵
        
        PID:5696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+75199.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a057.exe
        8⤵
        
        PID:6184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+49491.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        9⤵
        
        PID:7452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe 1698522237
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe 1698522237
        9⤵
        
        PID:9428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe /KillHardDisk 1698522237
        10⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe /KillHardDisk 1698522237
        11⤵
        
        PID:5044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\users /r /f
        12⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0146.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0146.exe 1698522237
        11⤵
        
        PID:8104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe /killMBR 1698522237
        10⤵
        
        PID:11688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe /killwindows 1698522237
        10⤵
        
        PID:10328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe /autoup 1698522237
        10⤵
        
        PID:7380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a057.exe 1698522237
        8⤵
        
        PID:5428
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
        7⤵
        
        PID:6820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe+325650.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a023.exe
        7⤵
        
        PID:5180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a024.exe 1698522237
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a024.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a024.exe 1698522237
        8⤵
        
        PID:3836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        9⤵
        
        PID:2448
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        6⤵
        
        PID:7108
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8852
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
        6⤵
        
        PID:7736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
    3⤵
    PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
  2⤵
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4820
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+118038.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
      4⤵
      PID:4548
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe 1698522237
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe 1698522237
        5⤵
        Executes dropped EXE
        
        PID:4692
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        7⤵
        
        PID:5168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+326696.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe
        8⤵
        
        PID:6540
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        9⤵
        Kills process with taskkill
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+517345.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe
        8⤵
        
        PID:6716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe 1698522237
        8⤵
        
        PID:8908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe 1698522237
        8⤵
        
        PID:6564
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        7⤵
        
        PID:6836
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
        7⤵
        
        PID:7416
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
        7⤵
        
        PID:2016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8884
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+531833.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
      4⤵
      PID:1660
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe 1698522237
      4⤵
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe 1698522237
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2960
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        7⤵
        
        PID:4764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+813418.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a058.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe /save 1698522237
        9⤵
        
        PID:6848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a058.exe 1698522237
        8⤵
        
        PID:8916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe 1698522237
        8⤵
        
        PID:7120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+015947.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe
        8⤵
        
        PID:6452
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
        7⤵
        
        PID:6828
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /protect 1698522237
        7⤵
        
        PID:7424
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
        7⤵
        
        PID:7468
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
    3⤵
    PID:548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+428787.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe
      4⤵
      PID:3048
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe 1698522237
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe 1698522237
        5⤵
        Executes dropped EXE
        
        PID:4972
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe /protect 1698522237
        6⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe /protect 1698522237
        7⤵
        
        PID:6092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe 1698522237
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe 1698522237
        9⤵
        
        PID:7460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /protect 1698522237
        10⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /protect 1698522237
        11⤵
        
        PID:12084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /autoup 1698522237
        10⤵
        
        PID:4112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /killMBR 1698522237
        10⤵
        
        PID:10096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /KillHardDisk 1698522237
        10⤵
        
        PID:7100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /killwindows 1698522237
        10⤵
        
        PID:4476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /autoup 1698522237
        10⤵
        
        PID:8312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe+49491.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe
        8⤵
        
        PID:6740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe 1698522237
        8⤵
        
        PID:8824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe+75199.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe
        8⤵
        
        PID:5700
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe /save 1698522237
        6⤵
        
        PID:5616
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7752
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:8584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+22992.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
      4⤵
      PID:4308
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe 1698522237
      4⤵
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe 1698522237
        5⤵
        
        PID:5068
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /protect 1698522237
        6⤵
        
        PID:5952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /save 1698522237
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /save 1698522237
        7⤵
        
        PID:6500
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8860
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /killwindows 1698522237
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /killwindows 1698522237
        7⤵
        
        PID:8540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
        8⤵
        
        PID:2132
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\windows\system32\taskmgr.exe
        9⤵
        Modifies file permissions
        
        PID:9220
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /killMBR 1698522237
        6⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /killMBR 1698522237
        7⤵
        
        PID:1140
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /protect 1698522237
        6⤵
        
        PID:11372
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /KillHardDisk 1698522237
        6⤵
        
        PID:8656
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /autoup 1698522237
        6⤵
        
        PID:1648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
    3⤵
    PID:3912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
  2⤵
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
    3⤵
    PID:4540
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+016993.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
      4⤵
      PID:4848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe 1698522237
      4⤵
      PID:3752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+722626.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
      4⤵
      PID:6408
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe 1698522237
      4⤵
      PID:6348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
  2⤵
  PID:4984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
    3⤵
    PID:1968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
  2⤵
  PID:5840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
    3⤵
    PID:4100
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe 1698522237
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe 1698522237
        5⤵
        
        PID:6580
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9188
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a08.exe 1698522237
      4⤵
      PID:8928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+813418.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a08.exe
      4⤵
      PID:8448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+015947.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
      4⤵
      PID:6504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
  2⤵
  PID:5004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /save 1698522237
    3⤵
    PID:6244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6396
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:8096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /autoup 1698522237
  2⤵
  PID:1132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /autoup 1698522237
    3⤵
    PID:10056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /killwindows 1698522237
  2⤵
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /killwindows 1698522237
    3⤵
    PID:9824
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
      4⤵
      PID:1756
    - - C:\Windows\system32\takeown.exe
        
        takeown /f C:\windows\system32\taskmgr.exe
        5⤵
        Modifies file permissions
        
        PID:10460
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c Cacls C:\windows\system32\taskmgr.exe /t /e /c /gAdmin:F
      4⤵
      PID:10296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /KillHardDisk 1698522237
  2⤵
  PID:8536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /KillHardDisk 1698522237
    3⤵
    PID:7436
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c mountvol c: /d
      4⤵
      PID:7300
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\users /r /f
      4⤵
      PID:10812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /killMBR 1698522237
  2⤵
  PID:10736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /killMBR 1698522237
    3⤵
    PID:7980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
  2⤵
  PID:5416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /protect 1698522237
    3⤵
    PID:11648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe /autoup 1698522237
  2⤵
  PID:11428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa21cd46f8,0x7ffa21cd4708,0x7ffa21cd4718
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  PID:10232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 /prefetch:8
  2⤵
  PID:7772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:9036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:10224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  PID:10216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1728408011106539979,10214576515379283644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffa21cd46f8,0x7ffa21cd4708,0x7ffa21cd4718
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7144720997844000696,15443382059128213329,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7144720997844000696,15443382059128213329,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:524

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
1⤵
PID:848
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /protect 1698522237
  2⤵
  PID:3016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+427741.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
    3⤵
    PID:5484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe 1698522237
    3⤵
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe 1698522237
      4⤵
      PID:6448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+326552.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe
    3⤵
    PID:6716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe 1698522237
    3⤵
    PID:5936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /save 1698522237
1⤵
PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5428
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a057.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a057.exe 1698522237
  2⤵
  PID:7920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:5800
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:8692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6336
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.2.1341694821\1314076393" -childID 1 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b803d7e3-90dd-4f69-8632-e289cea3793a} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 3472 1f5cf565558 tab
  2⤵
  PID:7864
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.4.1314628370\1840993891" -childID 3 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc3baf4-d172-4f74-b13c-8e0b7609b874} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 4104 1f5d5405458 tab
  2⤵
  PID:7116
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.7.1453945158\1720230188" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a4bde9a-e3ad-4618-a508-cb073d711f49} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 5512 1f5d9629b58 tab
  2⤵
  PID:8404
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.6.1663799698\200856824" -childID 5 -isForBrowser -prefsHandle 5060 -prefMapHandle 5056 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df135570-898a-4419-9248-d64bf9589744} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 4812 1f5d962b058 tab
  2⤵
  PID:8320
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.5.710027658\695877592" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf991f64-41a1-4c0e-87de-837ba63f5b02} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 4888 1f5d3153158 tab
  2⤵
  PID:7936
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.3.1239148109\792558004" -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3024 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b06e0ba4-6630-479a-bc0c-541683bb8d6a} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 3184 1f5d36f0058 tab
  2⤵
  PID:7672
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.1.1865608926\1970603752" -parentBuildID 20221007134813 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d671949-f2d4-429e-8eba-a3bf29460b56} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 2312 1f5c3b6ee58 socket
  2⤵
  PID:6412
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6336.0.1427978718\1096758824" -parentBuildID 20221007134813 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75ce06ca-6faf-4015-af87-6337a251be3f} 6336 "\\.\pipe\gecko-crash-server-pipe.6336" 1836 1f5cf5d7b58 gpu
  2⤵
  PID:5304

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /protect 1698522237
1⤵
PID:5360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe+014902.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe
  2⤵
  PID:7932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe 1698522237
  2⤵
  PID:8456
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe 1698522237
    3⤵
    PID:5856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe /autoup 1698522237
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe /autoup 1698522237
        5⤵
        
        PID:9916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe /killwindows 1698522237
      4⤵
      PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe /killwindows 1698522237
        5⤵
        
        PID:1524
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:2132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe /killMBR 1698522237
      4⤵
      PID:11528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe /KillHardDisk 1698522237
      4⤵
      PID:7688
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:9500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe+04210.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe
  2⤵
  PID:9084

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe 1698522237
1⤵
PID:8068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /autoup 1698522237
  2⤵
  PID:4084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /autoup 1698522237
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe 1698522237
      4⤵
      PID:5888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /killwindows 1698522237
  2⤵
  PID:5448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /killwindows 1698522237
    3⤵
    PID:4152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
      4⤵
      PID:2200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /KillHardDisk 1698522237
  2⤵
  PID:6552
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /KillHardDisk 1698522237
    3⤵
    PID:10860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /killMBR 1698522237
  2⤵
  PID:11244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /killMBR 1698522237
    3⤵
    PID:4228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /protect 1698522237
  2⤵
  PID:11080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6400

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe 1698522237
1⤵
PID:7956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /autoup 1698522237
  2⤵
  PID:9904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /autoup 1698522237
    3⤵
    PID:7112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /killwindows 1698522237
    3⤵
    PID:11020
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
      4⤵
      PID:11236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /protect 1698522237
  2⤵
  PID:11288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /protect 1698522237
    3⤵
    PID:4016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /killMBR 1698522237
  2⤵
  PID:10336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /KillHardDisk 1698522237
  2⤵
  PID:5396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /killwindows 1698522237
  2⤵
  PID:5544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6084

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe 1698522237
1⤵
PID:7944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6900
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6276
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      PID:6468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+63630.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a016.exe
1⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe /save 1698522237
1⤵
PID:1676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:8676
- C:\Windows\system32\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:9720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a016.exe 1698522237
1⤵
PID:3660
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a016.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a016.exe 1698522237
  2⤵
  PID:9492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe 1698522237
1⤵
PID:5560
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe 1698522237
  2⤵
  PID:9660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:5576

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a058.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a058.exe 1698522237
1⤵
PID:4816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:9692

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a023.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a023.exe 1698522237
1⤵
PID:9312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:9844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:9648
- C:\Windows\system32\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:3324

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9788

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a019.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a019.exe 1698522237
1⤵
PID:10032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:5660
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:3772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+112064.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe
1⤵
PID:10128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:2944
- C:\Windows\system32\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:5976

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /save 1698522237
1⤵
PID:8912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:6388
- C:\Windows\system32\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:3992

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:6432

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:3724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe 1698522237
1⤵
PID:6168

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:2744

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:4076

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /autoup 1698522237
1⤵
PID:5892
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /autoup 1698522237
  2⤵
  PID:5992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:7904
- C:\Windows\system32\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:7524

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /autoup 1698522237
1⤵
PID:5176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:9024
- C:\Windows\system32\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:9804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /autoup 1698522237
1⤵
PID:6996
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /autoup 1698522237
  2⤵
  PID:3488

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /autoup 1698522237
1⤵
PID:7328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /autoup 1698522237
1⤵
PID:7320
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /autoup 1698522237
  2⤵
  PID:376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /autoup 1698522237
1⤵
PID:9588
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /autoup 1698522237
  2⤵
  PID:2480

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /killwindows 1698522237
1⤵
PID:6428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
  2⤵
  PID:8664
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe 1698522237
  2⤵
  PID:9772

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /killwindows 1698522237
1⤵
PID:7456
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /killwindows 1698522237
  2⤵
  PID:4016

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /killwindows 1698522237
1⤵
PID:4028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
  2⤵
  PID:9132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /killwindows 1698522237
1⤵
PID:1112
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /killwindows 1698522237
  2⤵
  PID:10844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /killwindows 1698522237
1⤵
PID:9516
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /killwindows 1698522237
  2⤵
  PID:11036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe /autoup 1698522237
1⤵
PID:4856
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe /autoup 1698522237
  2⤵
  PID:3404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:10372
- C:\Windows\system32\takeown.exe
  takeown /f C:\windows\system32\taskmgr.exe
  2⤵
  - Modifies file permissions
  PID:6324

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe /autoup 1698522237
1⤵
PID:10340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /KillHardDisk 1698522237
1⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /autoup 1698522237
1⤵
PID:10484

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:10544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\users /r /f
1⤵
PID:10756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /KillHardDisk 1698522237
1⤵
PID:9748
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /KillHardDisk 1698522237
  2⤵
  PID:9500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\users /r /f
    3⤵
    PID:908
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:3692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe /autoup 1698522237
1⤵
PID:4084
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe /autoup 1698522237
  2⤵
  PID:9080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /KillHardDisk 1698522237
1⤵
PID:8040
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /KillHardDisk 1698522237
  2⤵
  PID:1180
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /killwindows 1698522237
  2⤵
  PID:10652

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe /killwindows 1698522237
1⤵
PID:10540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
  2⤵
  PID:5060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /KillHardDisk 1698522237
1⤵
PID:5952
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /KillHardDisk 1698522237
  2⤵
  PID:10428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\users /r /f
    3⤵
    PID:1948
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /KillHardDisk 1698522237
  2⤵
  PID:7568
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /protect 1698522237
  2⤵
  PID:5432

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe /autoup 1698522237
1⤵
PID:3852

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe /killwindows 1698522237
1⤵
PID:10272
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe /killwindows 1698522237
  2⤵
  PID:2892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
    3⤵
    PID:11792

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe /autoup 1698522237
1⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe /killwindows 1698522237
1⤵
PID:1756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /killMBR 1698522237
1⤵
PID:3552
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /killMBR 1698522237
  2⤵
  PID:11868

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe /killwindows 1698522237
1⤵
PID:5304
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe /killwindows 1698522237
  2⤵
  PID:12144

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:6856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /killMBR 1698522237
1⤵
PID:9504
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /killMBR 1698522237
  2⤵
  PID:3540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mountvol c: /d
1⤵
PID:11380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mountvol c: /d
1⤵
PID:11440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe /KillHardDisk 1698522237
1⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /killMBR 1698522237
1⤵
PID:11936

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /KillHardDisk 1698522237
1⤵
PID:12000

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe /KillHardDisk 1698522237
1⤵
PID:12092

C:\Windows\system32\mountvol.exe
mountvol c: /d
1⤵
PID:12256

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:1604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe /protect 1698522237
1⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe /protect 1698522237
1⤵
PID:12124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /killMBR 1698522237
1⤵
PID:7592
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe /killwindows 1698522237
  2⤵
  PID:11744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe /killMBR 1698522237
1⤵
PID:4948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /protect 1698522237
1⤵
PID:3048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /killMBR 1698522237
1⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe /killwindows 1698522237
1⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /KillHardDisk 1698522237
1⤵
PID:980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe /KillHardDisk 1698522237
1⤵
PID:1404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mountvol c: /d
1⤵
PID:4044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0.exe+77060.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a07.exe
1⤵
PID:4644

C:\Windows\system32\mountvol.exe
mountvol c: /d
1⤵
PID:12248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /protect 1698522237
1⤵
PID:12200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+77060.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
1⤵
PID:12164

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:11888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe /KillHardDisk 1698522237
1⤵
PID:11876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\users /r /f
1⤵
PID:11640

C:\Windows\system32\cacls.exe
Cacls C:\windows\system32\taskmgr.exe /t /e /c /gAdmin:F
1⤵
PID:11536

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /killMBR 1698522237
1⤵
PID:11472

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe /killwindows 1698522237
1⤵
PID:11328

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:11296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:7844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /killMBR 1698522237
1⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a000.exe /KillHardDisk 1698522237
1⤵
PID:7044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe /killwindows 1698522237
1⤵
PID:10676

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:9200

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:10812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0146.exe /autoup 1698522237
1⤵
PID:10672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe /KillHardDisk 1698522237
1⤵
PID:5592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mountvol c: /d
1⤵
PID:7884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /killMBR 1698522237
1⤵
PID:7344

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:7280

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /killMBR 1698522237
1⤵
PID:7260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:10872

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:5196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /KillHardDisk 1698522237
1⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe /autoup 1698522237
1⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /killwindows 1698522237
1⤵
PID:7156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe /killwindows 1698522237
1⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /KillHardDisk 1698522237
1⤵
PID:7536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /killMBR 1698522237
1⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /killMBR 1698522237
1⤵
PID:9212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\users /r /f
1⤵
PID:8656
- C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe /KillHardDisk 1698522237
  2⤵
  PID:11132

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /killwindows 1698522237
1⤵
PID:9836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe /killwindows 1698522237
1⤵
PID:4308

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe /KillHardDisk 1698522237
1⤵
PID:6632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\users /r /f
1⤵
PID:10252

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\users /r /f
1⤵
PID:8684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:2000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\users /r /f
1⤵
PID:9608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe /KillHardDisk 1698522237
1⤵
PID:11188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe /autoup 1698522237
1⤵
PID:11172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:10944

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:7952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\users /r /f
1⤵
PID:5244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a050.exe /KillHardDisk 1698522237
1⤵
PID:11084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /killwindows 1698522237
1⤵
PID:11076

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:11068

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:11060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe /killwindows 1698522237
1⤵
PID:10984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe /autoup 1698522237
1⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /autoup 1698522237
1⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /KillHardDisk 1698522237
1⤵
PID:10644

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe /autoup 1698522237
1⤵
PID:10436

C:\Windows\system32\takeown.exe
takeown /f C:\windows\system32\taskmgr.exe
1⤵
- Modifies file permissions
PID:2880

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a054.exe /autoup 1698522237
1⤵
PID:8432

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /killwindows 1698522237
1⤵
PID:9904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:1992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe /killwindows 1698522237
1⤵
PID:8040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /autoup 1698522237
1⤵
PID:10000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\windows\system32\taskmgr.exe
1⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /autoup 1698522237
1⤵
PID:4076

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe /autoup 1698522237
1⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a047.exe /killwindows 1698522237
1⤵
PID:7556

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:8312

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:4680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe /autoup 1698522237
1⤵
PID:7240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:6540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe 1698522237
1⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe 1698522237
1⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe 1698522237
1⤵
PID:6068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:9096

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:6328

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe /autoup 1698522237
1⤵
PID:396

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a013.exe 1698522237
1⤵
PID:3340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe 1698522237
1⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe 1698522237
1⤵
PID:2500

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:4708

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0125.exe 1698522237
1⤵
PID:3364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe 1698522237
1⤵
PID:6224

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:5644

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:5648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0142.exe 1698522237
1⤵
PID:6376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /save 1698522237
1⤵
PID:8804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+112064.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a051.exe
1⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a08.exe 1698522237
1⤵
PID:10076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe+112064.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a011.exe
1⤵
PID:9912

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9744

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9736

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9728

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe+48137.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a024.exe
1⤵
PID:9708

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:9596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:9516

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:9304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
1⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a015.exe 1698522237
1⤵
PID:7552

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Executes dropped EXE
- Kills process with taskkill
PID:3020

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a044.exe 1698522237
1⤵
PID:9104

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:5864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe 1698522237
1⤵
PID:6428

C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
1⤵
- Kills process with taskkill
PID:8520

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a0126.exe 1698522237
1⤵
PID:8532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a023.exe 1698522237
1⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe /save 1698522237
1⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a017.exe 1698522237
1⤵
PID:8112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+63630.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe
1⤵
PID:6832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe+63630.txt C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a056.exe
1⤵
PID:6704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /save 1698522237
1⤵
PID:7744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe /protect 1698522237
1⤵
PID:6580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7f568a3d32bd441e85bc1511092fbe0

SHA1
89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2

SHA256
0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a

SHA512
8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
51f8805020349110c73304ecc6a8b7b9

SHA1
ef4d44c449d4918c8ec74d610e8d9ef673390621

SHA256
872c6954927f7dea4f18b8ba1bd981bf0dc56b0bfa2432d94039bc4510ee9369

SHA512
68285499fdeefa4765a4860f7fce48d2c10537980639e75d1bfd3ebbf9c531bfe408fb7177cd17d02af8c92c253ed5df695b7e81a3d46f9d6397abe9cb930472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c7c8f10034fabb6d285a721550e41cd

SHA1
1fc595825c95f94877fb029b483105b5ab23bd0c

SHA256
88da3fbd93d452ad140a873f8b9e9a7c7a0dbfb898318f49e716e4142896474e

SHA512
f68c512db69c7417698c31c912f1cb4f3b594f2b1424c32b5e08f0379e33c0bcff740c95e8855f3b51aac45dcf7d646527bce161bb8651cd681a916d28531953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fec40c1bf50fdc932aa789ecdabdbb0

SHA1
0569dd6d7f389ed0e655be692b3d31a7f7a97b7a

SHA256
563ab691a3fd1dba4ac54770d3478a7db361be905b99ba229e11c9fa0d2f32b4

SHA512
d469eb782e2c2521eefced3db0629b2f926d3f969554632a7a7ea63c18e7b3fe0cf977f5848cd3f1da69fee11f3f96bacaa981abc0b9e6fb90f246f87f3671b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
279002eeaf884eece99f94aebd6a199a

SHA1
febfe96b4c1800de11aa2e7075f1795705c2dc0d

SHA256
13b617cd0cabde0723a3edfea2235caf3c9fe0d24969cdd3b8034f441884ce3d

SHA512
bc44c5de5bbe41bc9eb85a0fecf9618570c9639fef37bfc14f76203ee1ed2639773b7da3d554094eb3d3754a1434f9faab54e6f51ed5af23558b5444594d04a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58ac454ab08661da12908d0fcdcaaee1

SHA1
6e8df8f4baeb2287d3991c6abe3de2671aa8f80a

SHA256
d35cee2c93697d958b6f6feac5796e7bee292b96584a175e9900ed4ad2de549e

SHA512
706a24cc3b30712ec9db0eeca01a6cff92b9c5c8baeb9c8947d5679b1793df5be2de5451db7349dd0a3f70f34218288b902919a667d9dd70931d77334ce83552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
87d92914280fbd5439ce3edba337e115

SHA1
a4d57dbd128b42ba5349be7a89f68a93daf185ce

SHA256
4407d7a6d802e58070e88251c0385630946476f5a90f25683c68d2bc885470ff

SHA512
60c6b23e43998c5d9cdb27598afa7888e1714ebb7bb292fb34baeaa709701b539d7c2032801fe154333fbabb92b2f031fd16ba82e31ac44f9b6fb50526d7be06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b1ab87fac22f7f91b60287d60b1e3d68

SHA1
01a4abc72a35c8c25fd64eec6f44647c7d86cf3f

SHA256
46fcb11ba7c8aa2bc1f62a128e2361745e13a628da4c42f60d0c96d6083fbca5

SHA512
522f9f8551757e5f98117e04e76164554f41fc5e6064e3c002271dd7a66571c83118d779b1a5a8af73253a5e34a843675e37639f73c5ca053ebc86321383a993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
80ced908a3157a148967dcdf3fce5da9

SHA1
818286b34c27aca1fc1d41c0c53740f4b6b957a8

SHA256
4b46e33c99addb62727989eaed893d4aefebee60d6b63e41e4576373f7b79306

SHA512
ae380eeabccbb37d9a493926c6d50c00c784fc9e44f2387228d09da4d0e350e54c2924f8fb119a9f433595356725227dbe531b7055be4fd531e5169e61c9816b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1379ea3c6c1a45c8104cfdcba5e197ea

SHA1
f299128fe88e48782d0f65e0b789ab0536e0b23e

SHA256
dcdf7ca584d6498a5dadfd7074133fc9db15a2bfdc32f5c96ebd7bba9fa31e7d

SHA512
901d0a15a82d1708a90435cbabe0e3ca0a8c0cc227174d8591c87658c3c8e186981930a00a45700ac57a666d1c2d1246d2507b65368e62734ff24a15653c770d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ppqxj052.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
450e46d8150cbc2c7f0ff68a410bc982

SHA1
82666224ce64cae26823ffcdd8ad26f462cd9418

SHA256
4c1d0bfc7c0caccffc2cdc2347093fd95ab68dccb18226a5385d8a6a6384ecae

SHA512
1834cc777768924bfd01ef4eeca4db01a21b96e15046c21b36d71970dfcb5552206f341661950994d37c3c181fe7800e13c74abcb69e7cfc8ac60a073a9bb72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\015947.txt

Filesize
5B

MD5
412301454090d60344e086faf8a54906

SHA1
678b298bd474f03c8ddd82f43991153ffb21b10f

SHA256
5fc2d482c6ae52039e7d917b5dd90b8b7de5eb42fa358d4bfb5e2a67a3bdc7d9

SHA512
fd71b3680eb4bff99828fcfba565d2787c36ed460ec52319d4533b4aebd4ff3daa85296ca0dee2cf9dfffbedef51eb8bce2ce2f63d635dbd648f320d7c5babca

Download Submit
C:\Users\Admin\AppData\Local\Temp\016993.txt

Filesize
4B

MD5
6b5617315c9ac918215fc7514bef514b

SHA1
4b186c08fa1d726270bc93e7a8c874eaf55daed4

SHA256
15fd8df16e6feb96fbfea437c8f9aee71268269032a343c35560fb1181d408ec

SHA512
6437c52b63d336d1c6571a8adbbbd536e90d8199d55c155f3cf18c7666c2f66d6d16c05476f7ca11078d41cb9310d035ce61ab8b1a779f68690778b08f71c93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\016993.txt

Filesize
4B

MD5
6b5617315c9ac918215fc7514bef514b

SHA1
4b186c08fa1d726270bc93e7a8c874eaf55daed4

SHA256
15fd8df16e6feb96fbfea437c8f9aee71268269032a343c35560fb1181d408ec

SHA512
6437c52b63d336d1c6571a8adbbbd536e90d8199d55c155f3cf18c7666c2f66d6d16c05476f7ca11078d41cb9310d035ce61ab8b1a779f68690778b08f71c93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\118038.txt

Filesize
5B

MD5
07c0dec6e97ec77c01aa90902a3fc6b5

SHA1
1f14a2710129dd0ea853ba759b45b3d543ca295a

SHA256
dbf5a927a39ac49b24a3a8ab7a142f64a27c7556001754f167e171e2601a003c

SHA512
ce7a7d548153cd6579695d0f379ac47829868fea9742b1e60f8fc1c4e82df08c78246e25d3cf9504f2100354dc65e228f1114d1cb645b1387852aaba263a6dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\170590.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\17616.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\203168.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\22992.txt

Filesize
4B

MD5
e465ae46b07058f4ab5e96b98f101756

SHA1
c2f228e7e2baf57a537893f20f0615908410ad15

SHA256
23adf0dede5322e64b4276608273a706aaa6906a48b0824610772696cb3cce0e

SHA512
728aac2cdade2c540fd6e56f35e4566fe488028ef760b9e400691860f243fbc095a1e063037ba9e5167d9115e157d27402922482418abb05afd991871295e388

Download Submit
C:\Users\Admin\AppData\Local\Temp\22992.txt

Filesize
4B

MD5
e465ae46b07058f4ab5e96b98f101756

SHA1
c2f228e7e2baf57a537893f20f0615908410ad15

SHA256
23adf0dede5322e64b4276608273a706aaa6906a48b0824610772696cb3cce0e

SHA512
728aac2cdade2c540fd6e56f35e4566fe488028ef760b9e400691860f243fbc095a1e063037ba9e5167d9115e157d27402922482418abb05afd991871295e388

Download Submit
C:\Users\Admin\AppData\Local\Temp\28475.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\29126.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\428787.txt

Filesize
5B

MD5
b10acef62a5c13b2ffa3494fe5a2dab5

SHA1
2093c733e6f1f0acd96f901c2361b59668d08418

SHA256
b6235776fba833a7e1d3795849d9343bf7b4b021929dc96d30fef55e61483de1

SHA512
a1cc69293ceb7c83fa4074de37109065faafc0a7ff759bb5d232f00cd45c055866f088eefa605907ec2898ae3cc2b027f548b8cb6512077959e63c9d80727def

Download Submit
C:\Users\Admin\AppData\Local\Temp\428787.txt

Filesize
5B

MD5
b10acef62a5c13b2ffa3494fe5a2dab5

SHA1
2093c733e6f1f0acd96f901c2361b59668d08418

SHA256
b6235776fba833a7e1d3795849d9343bf7b4b021929dc96d30fef55e61483de1

SHA512
a1cc69293ceb7c83fa4074de37109065faafc0a7ff759bb5d232f00cd45c055866f088eefa605907ec2898ae3cc2b027f548b8cb6512077959e63c9d80727def

Download Submit
C:\Users\Admin\AppData\Local\Temp\531833.txt

Filesize
4B

MD5
5a66b9200f29ac3fa0ae244cc2a51b39

SHA1
620064526103c92921d90de1ba16c8e518538b77

SHA256
efdcf5044edcc6519ebbacf87e926312908ec93e6a56de1c4528251730b17ab1

SHA512
0bcecce394785112b557a68aa305b24f82aaac7a08b4f3e4da770e6b008e280b02b4ef63100a72016b1fe1d6404fa63316d1bcab5a4694d76af0f8ffe54f5343

Download Submit
C:\Users\Admin\AppData\Local\Temp\531833.txt

Filesize
4B

MD5
5a66b9200f29ac3fa0ae244cc2a51b39

SHA1
620064526103c92921d90de1ba16c8e518538b77

SHA256
efdcf5044edcc6519ebbacf87e926312908ec93e6a56de1c4528251730b17ab1

SHA512
0bcecce394785112b557a68aa305b24f82aaac7a08b4f3e4da770e6b008e280b02b4ef63100a72016b1fe1d6404fa63316d1bcab5a4694d76af0f8ffe54f5343

Download Submit
C:\Users\Admin\AppData\Local\Temp\56888.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\75199.txt

Filesize
5B

MD5
cef73ce6eae212e5db48e62f609243e9

SHA1
7e337c2e5f3c148f0b9176f7cbe99958dacb9e19

SHA256
43a3999cca5ec6542030949fbb94d392de7dedd3fdd8e89d713dd0267aebe9d3

SHA512
9b08f0a337659151d16b11ef2bce66dacb75c9539a28ebd2e05e4c804efe256cab98ad81173f7363c1d57a003db8feffe14e5a347a82769969311e484ac1d590

Download Submit
C:\Users\Admin\AppData\Local\Temp\75199.txt

Filesize
5B

MD5
cef73ce6eae212e5db48e62f609243e9

SHA1
7e337c2e5f3c148f0b9176f7cbe99958dacb9e19

SHA256
43a3999cca5ec6542030949fbb94d392de7dedd3fdd8e89d713dd0267aebe9d3

SHA512
9b08f0a337659151d16b11ef2bce66dacb75c9539a28ebd2e05e4c804efe256cab98ad81173f7363c1d57a003db8feffe14e5a347a82769969311e484ac1d590

Download Submit
C:\Users\Admin\AppData\Local\Temp\94422.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe

Filesize
3.0MB

MD5
694c3ea5f9a8e2a5f6d2370e1c421f7b

SHA1
e81603bd1f7402dbd2deb06d17bfb226e3a529d4

SHA256
d1e2f637da47f5981a4ece5a6e9537de2b69da35f0f16dc8f26fbf449d0f5f22

SHA512
4ba67589a8e5681c96cb6ab57effdb917d29d1ca634b71771e4f0f387aed1b137c5d12a3182e189ae6ba07f25c731ece60a00db9f5ae3c0e96fc2b0f1ba8dcaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a00.exe

Filesize
3.0MB

MD5
694c3ea5f9a8e2a5f6d2370e1c421f7b

SHA1
e81603bd1f7402dbd2deb06d17bfb226e3a529d4

SHA256
d1e2f637da47f5981a4ece5a6e9537de2b69da35f0f16dc8f26fbf449d0f5f22

SHA512
4ba67589a8e5681c96cb6ab57effdb917d29d1ca634b71771e4f0f387aed1b137c5d12a3182e189ae6ba07f25c731ece60a00db9f5ae3c0e96fc2b0f1ba8dcaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a01.exe

Filesize
3.0MB

MD5
1e335009461d3945ca5febcf35e7f059

SHA1
e7e2582c4921227ae85a7cc8821155154af10d93

SHA256
7ecdffab6ddfb095ab417f13c00680b6762c39bcb004e27e289848d1b5fcd457

SHA512
78b24db66b69108d6e79679eea1af310f5364b55d6fad8db0579e76ea342e63a0df4b6a6e560685ef0c054c3addb9e1ee7ac637179c07e5b4fb0d0ea6dae6906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a010.exe

Filesize
3.0MB

MD5
1e45f8bdcafd3a29a7195f64d0c1e9be

SHA1
7eeaf187a742624632f68cb7501df6bcfb31fe54

SHA256
a506e4bc62f134487e4ddb3d501cfc573bee8485735ceb80b101890121df6d3d

SHA512
461ba6f52fbd6289b35289ec33669e102ab82b101c138f50b286e0b57aac8f9afa874e96bf60ebd9466690b3f7cc502d366c43d26fca7cdcf90d32623e106807

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe

Filesize
3.0MB

MD5
eb93a6c1f12f4b0c2dbaa31025a700f9

SHA1
d307ca50f05820b283399ee5f1be9c53073de7ea

SHA256
799e5bb52da0a162099ef7450498128e1fa2408185924429e5e684dc9ee781db

SHA512
09f3848222934ed09d2e34899c70f58d8a6aebe53fea0114495f31cf5e12a0b0ed2fb8cb86f4cfffcc039967b9130f091dc307987a24fb69f01c2287263e45b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a012.exe

Filesize
3.0MB

MD5
eb93a6c1f12f4b0c2dbaa31025a700f9

SHA1
d307ca50f05820b283399ee5f1be9c53073de7ea

SHA256
799e5bb52da0a162099ef7450498128e1fa2408185924429e5e684dc9ee781db

SHA512
09f3848222934ed09d2e34899c70f58d8a6aebe53fea0114495f31cf5e12a0b0ed2fb8cb86f4cfffcc039967b9130f091dc307987a24fb69f01c2287263e45b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe

Filesize
3.0MB

MD5
1e6a8b73a3fb56db7d52f9067825f698

SHA1
bee0198d6b35d2a90bbddb4a61e615277ae9d9d0

SHA256
1bf6d3c773a1eb44329d7e5ad97277df02a4074cfcff018811e3cfb0aebad46f

SHA512
8168f2209c688aa2e2911c8fbae1c4bbe5258faa76f25b58e25b564c177f50bbe07e1e8596b44c1d4a981b1f8eba5bf1f48852c6e02285ad71bb8ae47c7d99ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a014.exe

Filesize
3.0MB

MD5
1e6a8b73a3fb56db7d52f9067825f698

SHA1
bee0198d6b35d2a90bbddb4a61e615277ae9d9d0

SHA256
1bf6d3c773a1eb44329d7e5ad97277df02a4074cfcff018811e3cfb0aebad46f

SHA512
8168f2209c688aa2e2911c8fbae1c4bbe5258faa76f25b58e25b564c177f50bbe07e1e8596b44c1d4a981b1f8eba5bf1f48852c6e02285ad71bb8ae47c7d99ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe

Filesize
3.0MB

MD5
9babaa818603f6a23ec9273a19e061ac

SHA1
52a761c354c29de05ec935c4f9234801c4c670e4

SHA256
5cc97c6186c29355735bcf3184cda0d5981187bd70a02c95044c59053ee50452

SHA512
f85d1c99a61bcc921f8a987e76280f3a4137b07047dab31ef14dfd1005b806135e8bef8da56c850759832d8014cc8e529e5b99aaac165fffb1166e711788fb55

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a02.exe

Filesize
3.0MB

MD5
9babaa818603f6a23ec9273a19e061ac

SHA1
52a761c354c29de05ec935c4f9234801c4c670e4

SHA256
5cc97c6186c29355735bcf3184cda0d5981187bd70a02c95044c59053ee50452

SHA512
f85d1c99a61bcc921f8a987e76280f3a4137b07047dab31ef14dfd1005b806135e8bef8da56c850759832d8014cc8e529e5b99aaac165fffb1166e711788fb55

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe

Filesize
3.0MB

MD5
964ad9546c69dcb9bd2bdffe98b8b7b0

SHA1
57a5cc847ea8652899df148ff8df3f9e4b28dc91

SHA256
5a41ee0c2aa3b0711f73fa1a6dc0feaa9534b8b45afb0ea0f477bff877b91b3a

SHA512
14bdc43e92314d7cebd8202505dc17d6f541d2e692ba6f165bfaa621474248663ae65040a2abf396c556c7e484609435947e58d3242260bf85fed901e68b7e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe

Filesize
3.0MB

MD5
964ad9546c69dcb9bd2bdffe98b8b7b0

SHA1
57a5cc847ea8652899df148ff8df3f9e4b28dc91

SHA256
5a41ee0c2aa3b0711f73fa1a6dc0feaa9534b8b45afb0ea0f477bff877b91b3a

SHA512
14bdc43e92314d7cebd8202505dc17d6f541d2e692ba6f165bfaa621474248663ae65040a2abf396c556c7e484609435947e58d3242260bf85fed901e68b7e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a04.exe

Filesize
3.0MB

MD5
964ad9546c69dcb9bd2bdffe98b8b7b0

SHA1
57a5cc847ea8652899df148ff8df3f9e4b28dc91

SHA256
5a41ee0c2aa3b0711f73fa1a6dc0feaa9534b8b45afb0ea0f477bff877b91b3a

SHA512
14bdc43e92314d7cebd8202505dc17d6f541d2e692ba6f165bfaa621474248663ae65040a2abf396c556c7e484609435947e58d3242260bf85fed901e68b7e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.2ebddcbd78e6d2a3d954b9df55e441a05.exe

Filesize
3.0MB

MD5
8f3a55a96c51d5b37b3cd2d27ed6db1b

SHA1
25bd2dca7abf43778018f269f8ead4d587ad6a65

SHA256
5e07526b99d77475f7feb9fad4927a3592d40af9992b733f3330687a62cc6feb

SHA512
413dfe2f2624e47e49e97295a787e1f2866d98c2934acbfe6789cb1fd71137d855451b807d48633180f8e757a5607a516484047593aad20093f85d96c3aa8f05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\prefs-1.js

Filesize
6KB

MD5
a4c0790f9a1468a9c72eea3a8695a27c

SHA1
05c436bda211b949834f9af2bd9a816e1879478d

SHA256
e844e1dd1876a4a2ce4e82385887e6f8b94fa884507abd32614d648ff58b1c9f

SHA512
af048cf7e3920ef652b98ac3d91ff499d74b1ed76627866719f1e55f8f332da01c00ac2bfd720d001ec01cd4b99c037e585ff24f46878f08535eaa33521d0826

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\prefs-1.js

Filesize
6KB

MD5
33d0d7b540f38ef0daa972ef5ec6fa8c

SHA1
aad8a6a4a8a7874f568802ea2b6d63e93f1cc3f9

SHA256
f8e7170906f5f286f37c2e6821685a4f832f6bb22f283b7b897564a7cd97db69

SHA512
3344c65e0c1c7df52a026a093b33610c22521270de09a2ede19f2ea90e2ce17659400fa8ac950f71a25abf99717766c7c44f85c1a1f345e4f497f9a5e444f0fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\prefs-1.js

Filesize
6KB

MD5
1426c1aa50639bb4d234eaba865254a3

SHA1
46f2bcaedd2930542393235488df8638423f382e

SHA256
347bf27ba55a87c04aa5c2a7a0543a7b8f5bf66c5937026f2b38ec526309df7c

SHA512
fd5834eec6fafbe97d6e965e253f94fbdde4775829844ab0f28b93a8525b109c420594a8fcb0585e16288ab8cfe2abc01f561d8d10edfcca60b0492976192bd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\prefs.js

Filesize
6KB

MD5
b1dea4b81e7f65fe8ae1be352582dc39

SHA1
84b8b137f32da2edf913e3b0d3b110e3ecb83a3a

SHA256
4f5f9e60dcca06e97d93ffc913a52483f4f6908090cf5a41311e7aa3c408d883

SHA512
b44e11c849ab544610d595b2020083bf6a16971072089f9479a0a00b0d16ede9df164b82451c13d10a0b278def7fc56d895eec3bee03746bb98e704f1314136f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1005B

MD5
bd54d95262bc9941c097ffcbf5be982b

SHA1
f0708cd9eef6145c41a282d931c184ad009cd4f7

SHA256
ee5b5d7f5b06344cc097e0e62a64f118e77e877cda9fb951b7637e8fce36008f

SHA512
746e6a2b425092c3a33aa6c1a21d2494cc55dd97dd9f182ad1a1bea0042b60aec3404cc41d3d8180270dcfecf5bce7daa52fcfe490a5b18274310dbcb9078504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d4f6c1c1e976add36d81ca6a6e392b9d

SHA1
09c119c507c21629b05498a55a3d54ce116630af

SHA256
f91d3cc7d8f1455f53534d06e020761b12259f3dcc910d76f0ba826bd2f01a1e

SHA512
2660534a0402071ec8b1c80ac84b831760d25ab2a2f61d4e6d019fe474829f71a3f8732003764b0718a5ad7b2da733254b162163f957c1427f19a6c40dc7c8e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ppqxj052.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
49b0ac575ed987eea2bc11641c751cd8

SHA1
591a809c96d825a055281310da71a57e6b50caef

SHA256
44e7625fc36bfb1caa641531b91fdf5aeea85b4c16807773af6dfe5d4f5be612

SHA512
199a412cb4f823bcbfdb76520ffaba946a6e4ba46f0c34803ecc40eee1ae7d159cb1ecbe4e0ee366e8c9dce53687890d2ec5bbe6d9c0144e189c929124847155

Download Submit
memory/548-134-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/788-51-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1968-212-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2440-202-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2716-132-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2960-178-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2988-207-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3008-168-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3016-177-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3020-173-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3020-263-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3912-151-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4100-340-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4100-415-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4212-150-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4344-145-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4540-176-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4540-244-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4692-146-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4756-135-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4764-387-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4764-245-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4768-90-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4820-57-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4940-198-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/4972-164-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5032-133-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5068-201-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5168-380-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5168-243-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5516-384-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5696-393-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5696-295-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5840-410-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5840-414-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/5888-407-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/6092-237-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/6092-375-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/6748-411-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/6820-412-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/6828-223-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/6836-413-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/7432-285-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/9312-416-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download