d30d76f76cb35f76ccae7195219bdf18ae41fcf850373664e656b339dae8137a

Analysis

max time kernel
200s
max time network
320s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Size

3.0MB
MD5

6f432490508bc0235c1cc0fae49944a0
SHA1

8ca0e681a21239803ca19469ed89873eafa39b7f
SHA256

d30d76f76cb35f76ccae7195219bdf18ae41fcf850373664e656b339dae8137a
SHA512

2daa5f69aba2d0abd1872c6c9a140f669eddbf9096b12238dfb48a514068344fb146b967deb6ce5689cc6b53034c0c5b740772efc084cbb9e18a6860adb8d515
SSDEEP

49152:j495UciMmq/NhjX5p3JOCdLAweZnE5c965nqqIP2ItdP:jk5LhzACdLAlnE5co5nqqIP2ItdP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
6212	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6220	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7072	NEAS.6f432490508bc0235c1cc0fae49944a02.exe
7148	NEAS.6f432490508bc0235c1cc0fae49944a03.exe
6548	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6440	NEAS.6f432490508bc0235c1cc0fae49944a03.exe
6336	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7004	NEAS.6f432490508bc0235c1cc0fae49944a02.exe
6232	NEAS.6f432490508bc0235c1cc0fae49944a03.exe
6876	NEAS.6f432490508bc0235c1cc0fae49944a02.exe
6800	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6164	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6736	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6856	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6324	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6536	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6616	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6284	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6312	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6744	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6764	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6792	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6776	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6808	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7040	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6920	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7144	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7208	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7272	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7280	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7292	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7300	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7564	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7580	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7596	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7704	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7880	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7816	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7832	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7800	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7768	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7784	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7752	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7736	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7720	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7848	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7864	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7896	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7912	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7928	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7944	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7960	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7976	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
6396	cmd.exe
7572	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7712	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7588	NEAS.6f432490508bc0235c1cc0fae49944a05.exe
7840	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7728	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7824	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7808	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7792	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7760	NEAS.6f432490508bc0235c1cc0fae49944a08.exe
7744	NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Loads dropped DLL 64 IoCs

pid	Process
4448	cmd.exe
4116	cmd.exe
4448	cmd.exe
4116	cmd.exe
6332	cmd.exe
7004	NEAS.6f432490508bc0235c1cc0fae49944a02.exe
6332	cmd.exe
7004	NEAS.6f432490508bc0235c1cc0fae49944a02.exe
7028	conhost.exe
7028	conhost.exe
7084	cmd.exe
7108	cmd.exe
7092	cmd.exe
7016	cmd.exe
7084	cmd.exe
7100	cmd.exe
7108	cmd.exe
7092	cmd.exe
7016	cmd.exe
7116	cmd.exe
6340	cmd.exe
6396	cmd.exe
6384	cmd.exe
6368	cmd.exe
6348	cmd.exe
7100	cmd.exe
7116	cmd.exe
6340	cmd.exe
6248	cmd.exe
6264	cmd.exe
6396	cmd.exe
6412	cmd.exe
6384	cmd.exe
6368	cmd.exe
6348	cmd.exe
6936	cmd.exe
6248	cmd.exe
6264	cmd.exe
6240	cmd.exe
6256	cmd.exe
6360	cmd.exe
6412	cmd.exe
6444	cmd.exe
6936	cmd.exe
6376	cmd.exe
6240	cmd.exe
6256	cmd.exe
6360	cmd.exe
6404	cmd.exe
6388	cmd.exe
6996	Process not Found
6444	cmd.exe
6984	Process not Found
6376	cmd.exe
6404	cmd.exe
6388	cmd.exe
6288	cmd.exe
6516	conhost.exe
6472	cmd.exe
6288	cmd.exe
6564	cmd.exe
7124	cmd.exe
6516	conhost.exe
6472	cmd.exe

Kills process with taskkill 64 IoCs

evasion

pid	Process
9272	taskkill.exe
9892	taskkill.exe
9644	taskkill.exe
9556	taskkill.exe
9588	taskkill.exe
5064	taskkill.exe
9320	taskkill.exe
3464	taskkill.exe
9724	taskkill.exe
9604	taskkill.exe
9548	taskkill.exe
9852	taskkill.exe
9580	taskkill.exe
9264	taskkill.exe
2488	taskkill.exe
12584	taskkill.exe
6980	taskkill.exe
9716	taskkill.exe
9684	taskkill.exe
9660	taskkill.exe
9812	taskkill.exe
12884	taskkill.exe
9304	taskkill.exe
9224	taskkill.exe
2568	taskkill.exe
9668	taskkill.exe
9860	taskkill.exe
9636	taskkill.exe
6604	taskkill.exe
2816	taskkill.exe
9240	taskkill.exe
9452	taskkill.exe
9884	taskkill.exe
9652	taskkill.exe
9360	taskkill.exe
9280	taskkill.exe
8532	taskkill.exe
12684	taskkill.exe
9232	taskkill.exe
268	taskkill.exe
5028	taskkill.exe
12664	taskkill.exe
9352	taskkill.exe
9344	taskkill.exe
9612	taskkill.exe
9876	taskkill.exe
9620	taskkill.exe
12876	taskkill.exe
9416	taskkill.exe
9376	taskkill.exe
9676	taskkill.exe
12696	taskkill.exe
9256	taskkill.exe
3476	taskkill.exe
9740	taskkill.exe
12788	taskkill.exe
6612	taskkill.exe
9336	taskkill.exe
9628	taskkill.exe
12704	taskkill.exe
9312	taskkill.exe
2500	taskkill.exe
9432	taskkill.exe
9868	taskkill.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeAssignPrimaryTokenPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeLockMemoryPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeIncreaseQuotaPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeMachineAccountPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeTcbPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSecurityPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeTakeOwnershipPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeLoadDriverPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSystemProfilePrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSystemtimePrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeProfSingleProcessPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeIncBasePriorityPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeCreatePagefilePrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeCreatePermanentPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeBackupPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeRestorePrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeShutdownPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeDebugPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeAuditPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSystemEnvironmentPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeChangeNotifyPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeRemoteShutdownPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeUndockPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSyncAgentPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeEnableDelegationPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeManageVolumePrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeImpersonatePrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeCreateGlobalPrivilege	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: 31	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: 32	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: 33	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: 34	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: 35	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeCreateTokenPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeAssignPrimaryTokenPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeLockMemoryPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeIncreaseQuotaPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeMachineAccountPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeTcbPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSecurityPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeTakeOwnershipPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeLoadDriverPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSystemProfilePrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSystemtimePrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeProfSingleProcessPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeIncBasePriorityPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeCreatePagefilePrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeCreatePermanentPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeBackupPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeRestorePrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeShutdownPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeDebugPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeAuditPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSystemEnvironmentPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeChangeNotifyPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeRemoteShutdownPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeUndockPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeSyncAgentPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeEnableDelegationPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeManageVolumePrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeImpersonatePrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: SeCreateGlobalPrivilege	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe
Token: 31	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2200	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	28
PID 2772 wrote to memory of 2200	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	28
PID 2772 wrote to memory of 2200	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	28
PID 2200 wrote to memory of 2612	2200	cmd.exe	29
PID 2200 wrote to memory of 2612	2200	cmd.exe	29
PID 2200 wrote to memory of 2612	2200	cmd.exe	29
PID 2772 wrote to memory of 2512	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	31
PID 2772 wrote to memory of 2512	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	31
PID 2772 wrote to memory of 2512	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	31
PID 2512 wrote to memory of 2520	2512	cmd.exe	32
PID 2512 wrote to memory of 2520	2512	cmd.exe	32
PID 2512 wrote to memory of 2520	2512	cmd.exe	32
PID 2772 wrote to memory of 2076	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	34
PID 2772 wrote to memory of 2076	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	34
PID 2772 wrote to memory of 2076	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	34
PID 2076 wrote to memory of 3040	2076	cmd.exe	35
PID 2076 wrote to memory of 3040	2076	cmd.exe	35
PID 2076 wrote to memory of 3040	2076	cmd.exe	35
PID 2772 wrote to memory of 2784	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	37
PID 2772 wrote to memory of 2784	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	37
PID 2772 wrote to memory of 2784	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	37
PID 2612 wrote to memory of 1312	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	38
PID 2612 wrote to memory of 1312	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	38
PID 2612 wrote to memory of 1312	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	38
PID 2784 wrote to memory of 2496	2784	cmd.exe	39
PID 2784 wrote to memory of 2496	2784	cmd.exe	39
PID 2784 wrote to memory of 2496	2784	cmd.exe	39
PID 2772 wrote to memory of 1812	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	41
PID 2772 wrote to memory of 1812	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	41
PID 2772 wrote to memory of 1812	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	41
PID 1812 wrote to memory of 2488	1812	cmd.exe	42
PID 1812 wrote to memory of 2488	1812	cmd.exe	42
PID 1812 wrote to memory of 2488	1812	cmd.exe	42
PID 2772 wrote to memory of 2568	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	43
PID 2772 wrote to memory of 2568	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	43
PID 2772 wrote to memory of 2568	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	43
PID 2612 wrote to memory of 2744	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	45
PID 2612 wrote to memory of 2744	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	45
PID 2612 wrote to memory of 2744	2612	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	45
PID 3040 wrote to memory of 672	3040	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	46
PID 3040 wrote to memory of 672	3040	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	46
PID 3040 wrote to memory of 672	3040	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	46
PID 2568 wrote to memory of 776	2568	cmd.exe	47
PID 2568 wrote to memory of 776	2568	cmd.exe	47
PID 2568 wrote to memory of 776	2568	cmd.exe	47
PID 2772 wrote to memory of 2808	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	49
PID 2772 wrote to memory of 2808	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	49
PID 2772 wrote to memory of 2808	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	49
PID 2808 wrote to memory of 2840	2808	cmd.exe	52
PID 2808 wrote to memory of 2840	2808	cmd.exe	52
PID 2808 wrote to memory of 2840	2808	cmd.exe	52
PID 2772 wrote to memory of 2868	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	50
PID 2772 wrote to memory of 2868	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	50
PID 2772 wrote to memory of 2868	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	50
PID 2868 wrote to memory of 1992	2868	cmd.exe	53
PID 2868 wrote to memory of 1992	2868	cmd.exe	53
PID 2868 wrote to memory of 1992	2868	cmd.exe	53
PID 2772 wrote to memory of 1252	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	55
PID 2772 wrote to memory of 1252	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	55
PID 2772 wrote to memory of 1252	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	55
PID 1252 wrote to memory of 2476	1252	cmd.exe	56
PID 1252 wrote to memory of 2476	1252	cmd.exe	56
PID 1252 wrote to memory of 2476	1252	cmd.exe	56
PID 2772 wrote to memory of 1876	2772	NEAS.6f432490508bc0235c1cc0fae49944a0.exe	57

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+330630.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
      4⤵
      PID:1312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
        5⤵
        
        PID:6108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+330107.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
      4⤵
      PID:672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:6232
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6656
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:9400
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
      4⤵
      PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
        5⤵
        
        PID:3460
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12548
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+27109.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
      4⤵
      PID:7224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2488
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+330107.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
      4⤵
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7768
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6596
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:6464
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7232
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9548
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+27109.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
      4⤵
      PID:6316
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
      4⤵
      PID:7664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2840
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+330107.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:7968
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7224
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
        5⤵
        
        PID:8748
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12508
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:12576
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+27109.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
      4⤵
      PID:6912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:7084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
      4⤵
      PID:6184
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
      4⤵
      PID:8288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
      4⤵
      PID:6560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
        5⤵
        
        PID:3280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1876
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:872
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7832
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7640
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9320
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      Loads dropped DLL
      PID:7016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6444
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6608
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9524
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:10768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:2656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:4224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3036
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6800
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8572
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6864
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6632
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:6128
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6484
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6596
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8780
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:12872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1920
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6824
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6120
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6964
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9540
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8508
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2136
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7848
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7164
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8060
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6396
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:6688
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:9432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6784
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:4476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:11764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2180
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6536
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8452
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:4412
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:5400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6600
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:7068
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9408
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2156
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7712
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:1580
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:9748
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:6916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6384
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:3796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:9296
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12540
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:12420
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7144
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8392
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:9564
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:6356
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2636
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6640
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8116
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6240
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1596
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7912
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7132
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9668
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8172
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6472
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:12848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6680
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9532
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2588
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817268.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:4188
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:6212
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6432
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:7952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8400
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9892
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817535.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:7040
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1876
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8148
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6936
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2892
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
      4⤵
      PID:6192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
      4⤵
      PID:8740
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
      4⤵
      PID:6272
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
      4⤵
      PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
        5⤵
        
        PID:12996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2128
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6944
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:4348
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12640
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12876
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:12468
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:3764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2396
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7896
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6180
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:2552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
      4⤵
      PID:6164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
      4⤵
      PID:8704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
      4⤵
      PID:5280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
      4⤵
      PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
        5⤵
        
        PID:13004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
      4⤵
      PID:6176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
      4⤵
      PID:8304
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
      4⤵
      PID:6452
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
      4⤵
      PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
        5⤵
        
        PID:13060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:1676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7808
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6148
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:8828
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:6312
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:4420
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:10692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8344
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6836
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:1948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:6736
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:2656
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9884
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12592
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:2192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:660
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7720
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7656
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9660
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
      4⤵
      PID:8676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
      4⤵
      PID:6328
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
      4⤵
      PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
        5⤵
        
        PID:13084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2200
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6744
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2972
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6568
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:7052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9760
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:4428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:1636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:2796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6504
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:7936
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8296
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:9392
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6776
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:7132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3204
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6516
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3268
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817268.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7648
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9588
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817535.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:7696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:7116
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:10200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12652
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3324
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6840
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8468
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:7036
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3396
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:4420
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:6756
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:3308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3444
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3460
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817268.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:4100
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:6220
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8384
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7580
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9176
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9264
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817535.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:7140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3516
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
      4⤵
      PID:6152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
      4⤵
      PID:8272
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
      4⤵
      PID:2752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
      4⤵
      PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
        5⤵
        
        PID:13068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3572
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817268.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:4284
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:6124
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12604
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817535.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:7112
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:7108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6616
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8180
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6564
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3660
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6512
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8072
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6348
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:5780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3784
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8096
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6248
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:10784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:2748
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9832
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6760
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8524
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6708
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:1616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3980
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7824
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6672
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7588
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:8092
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
      4⤵
      PID:8720
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
      4⤵
      PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
        5⤵
        
        PID:12988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4024
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4040
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8188
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:7124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4056
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6520
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8156
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:13124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817268.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:4348
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:7028
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:9596
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12516
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+817535.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3436
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7840
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:1196
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9240
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:1936
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9800
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:2840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6736
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:4448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:3612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3744
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+228016.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7880
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5104
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:2816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+321462.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
      4⤵
      PID:7248
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:7100
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
      4⤵
      PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
        5⤵
        
        PID:10180
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12632
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3828
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6872
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:5284
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:4404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:2748
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:3568
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6832
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8460
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:2564
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:12856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4000
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6720
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6264
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:6560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:3480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:3468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6728
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8484
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:12924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:3468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        
        PID:7856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7068
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:5028
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:7020
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6368
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:7616
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:9572
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:3584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4208
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+228016.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
      4⤵
      PID:4676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
        5⤵
        
        PID:8752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12492
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:12532
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+321462.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
      4⤵
      PID:7184
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:7092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4256
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4272
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:4448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:3592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4332
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8360
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6300
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4352
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4400
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+228016.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
      4⤵
      PID:4764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:1928
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
      4⤵
      PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
        5⤵
        
        PID:9692
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:12616
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:12884
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+321462.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
      4⤵
      PID:6304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4464
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:7040
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:6116
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:9328
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
        5⤵
        Executes dropped EXE
        
        PID:6336
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9164
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:9740
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:9528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:2552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9820
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:10944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4544
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6920
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8540
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6200
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4628
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4652
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6460
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6156
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:13100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8556
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6992
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4784
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6592
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9484
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:8540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6576
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:7104
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:10504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4896
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      PID:6804
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:9508
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:6372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:4960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:4976
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      4⤵
      PID:6656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
      4⤵
      PID:8108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
      4⤵
      Loads dropped DLL
      PID:6360
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
      4⤵
      PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
        5⤵
        
        PID:3288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
  2⤵
  PID:4992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
    3⤵
    PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:5024
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /autoup 1698527987
  2⤵
  PID:8712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /autoup 1698527987
    3⤵
    PID:12832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /killwindows 1698527987
  2⤵
  PID:8724
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /killwindows 1698527987
    3⤵
    PID:12892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /KillHardDisk 1698527987
  2⤵
  PID:10704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /KillHardDisk 1698527987
    3⤵
    PID:9428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /killMBR 1698527987
  2⤵
  PID:12784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /killMBR 1698527987
    3⤵
    PID:4664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
  2⤵
  PID:13080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
    3⤵
    PID:5712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /autoup 1698527987
  2⤵
  PID:11304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /autoup 1698527987
    3⤵
    PID:4232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cpoy C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe C:\windows\system32\taskmgr.exe
  2⤵
  PID:13020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /autoup 1698527987
  2⤵
  PID:3128
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /autoup 1698527987
    3⤵
    PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /killwindows 1698527987
  2⤵
  PID:11068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /killwindows 1698527987
    3⤵
    PID:13840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /KillHardDisk 1698527987
  2⤵
  PID:13968

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
1⤵
PID:436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+55996.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
  2⤵
  PID:6136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+925389.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe
  2⤵
  PID:8320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
  2⤵
  - Loads dropped DLL
  PID:4116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a09.exe 1698527987
  2⤵
  PID:12428

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
1⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /protect 1698527987
1⤵
PID:1680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+816745.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
  2⤵
  PID:6688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe+429316.txt C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
  2⤵
  PID:8140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
  2⤵
  - Loads dropped DLL
  PID:6256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
  2⤵
  PID:10020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a04.exe 1698527987
    3⤵
    PID:8060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1277255510-684425710-981558133-98658694-29212382714819475081330206398-65986211"
1⤵
PID:684

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-944703807-789188012128883164622554865847869097863088340112334257991490149229"
1⤵
PID:1624

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1348596811-1204372235-931240757-1320229418-1627003423799335374-1749197941784174442"
1⤵
PID:2720

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "580098993-817843339-509867471379708828-4443491861295711713-2171915431765619909"
1⤵
PID:1588

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1304568800-368248810-254815776-11650633341182872995-22050127-678887466-689746442"
1⤵
PID:1876

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6711227415579290351128161002-179207451457639225-9816714171151848758763234772"
1⤵
PID:936

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16667644321937102592-1541683947-1100043430-1307935883-13402413431045520184-365349751"
1⤵
PID:1996

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1367089815-195624382-199002763-10573544411015395800-185803434291710400398023975"
1⤵
PID:1736

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "170905588617088679561562079227-171570857280719971-235351639-18980900301513811855"
1⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
1⤵
PID:3236

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-89211978544298092221072131131415169800-17689978761747620302189215048915144026"
1⤵
PID:3444

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1734730961-157958513018185326561694923443105363133687624208-1813127530-400508959"
1⤵
PID:3700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "104904790619704882889382980401003473044244951424248129-10662044391493993387"
1⤵
PID:3864

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "739102937612200363688114414-1157951611-376704331-94634891626413095-243532101"
1⤵
PID:3964

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15557549861889318615-1222003688-107948757-14553179978459591301037914728624937925"
1⤵
PID:3380

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "470431425417858440161131398718234580911415897695-865459410-1399523192-1003056781"
1⤵
PID:3728

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1643858619-7115191471753197333-23797799215231049971128356815-304579415-1628121673"
1⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a0.exe /save 1698527987
1⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6932
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9700

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8212
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6604

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:6892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:1292
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9232

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
1⤵
PID:8632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8624
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9352

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1072022971-1798661112-53871372310095302901398663184116990166-103284579799274839"
1⤵
- Loads dropped DLL
PID:6516
- C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
  2⤵
  - Executes dropped EXE
  PID:7272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:6628
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:9272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /autoup 1698527987
    3⤵
    PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /autoup 1698527987
      4⤵
      PID:12736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /killwindows 1698527987
    3⤵
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /killwindows 1698527987
      4⤵
      PID:11452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /KillHardDisk 1698527987
    3⤵
    PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /KillHardDisk 1698527987
      4⤵
      PID:9488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /killMBR 1698527987
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /killMBR 1698527987
      4⤵
      PID:2280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /protect 1698527987
    3⤵
    PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /protect 1698527987
      4⤵
      PID:13448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe /autoup 1698527987
    3⤵
    PID:13556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1218231314-1664599059-741609691-18304635491460942610-45359792493821161199242764"
1⤵
PID:6648

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-59437173-1505706503832378649674334223-17542570601755155222-1911094832-2036983582"
1⤵
PID:6600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1942803711-826310254-898131256-748887026-1639220889-8809213011932957105-1292484604"
1⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:7180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6140
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9928

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:6368
- C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
  2⤵
  - Executes dropped EXE
  PID:6324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:8268
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:9256

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:6396
- C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
  2⤵
  - Executes dropped EXE
  PID:6856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:1912
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:2488

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:6344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6592
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9304

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:7984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:9172
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9732

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:9204
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9248

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:1552
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9612

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:1368
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9780

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6768
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9900

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:7904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6252
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:8532

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:7920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6532
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9708

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:7888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:9192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9812

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:7872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:7664
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:5072

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8408
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9556

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:7008
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:2568

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6300
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9768

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:9160
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9384

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4736
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:2588

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
PID:7776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8196
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:3476

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8672
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9940

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6680
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9860

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6404
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9852

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6412
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6612

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
1⤵
- Executes dropped EXE
PID:7704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6540
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9620

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
1⤵
- Executes dropped EXE
PID:7596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8332
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9288

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
1⤵
- Executes dropped EXE
PID:7572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6964
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:5068

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe 1698527987
1⤵
- Executes dropped EXE
PID:7564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8424
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:268

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6772
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9652

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6632
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9416

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:9180
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9724

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:7208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8228
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9368

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1180237981-496360904-2231391011697479160-14452455039144910451916408794170719276"
1⤵
- Loads dropped DLL
PID:7028
- C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
  2⤵
  - Executes dropped EXE
  PID:6548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:2592
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:3464

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-406173245142593491512143119368649576974540805841406680468168252698352056219"
1⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:3064
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9684

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4476
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9580

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:1848
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9636

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1348206506-85014929218945057102037562437590432930167604051611721777901758082643"
1⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6316
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9876

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:1840
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6980

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8832
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-27937192012410274621883707939-9970452491974843612-7703671524231409721963078066"
1⤵
PID:6696

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1744275184-1203007835-536750710114276446511963412372212291651574627588-1417110521"
1⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8416
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9452

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6444
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9360

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe 1698527987
1⤵
- Executes dropped EXE
PID:6800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9224

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "202626825-11563525821024512642-364106517-15482353271998968816-1446106601-545830003"
1⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
1⤵
- Executes dropped EXE
PID:6876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6424
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:9868

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe 1698527987
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8068
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:2500

C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe 1698527987
1⤵
- Executes dropped EXE
PID:6440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:8428
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:9460

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20633406672068644006838617311995704145-1903136354612378027-295535042134076753"
1⤵
PID:6624

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-38936103519405781582080271925-18998644331608334973-30213241977344736-2080802290"
1⤵
PID:13108

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "221570431-1571754560-1113495661-1541097497520652292-1832926781710326506-619259954"
1⤵
PID:13292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\185504.bat

Filesize
111B

MD5
6a02f4667f4abcd56d35a575992c9102

SHA1
75df61820e69a16928142cacd4bf5cc630f859a1

SHA256
5857542cf5e4010dfc9d8e5a9d9d6e69c3578624f595c8d432941e93dea05463

SHA512
835254ad93f9fb033b01503efa039a69601e449606296316edc7dc07b8e042d556e623dc084d42a2aa61b7f75bc01cdb80976b3442d66ef9a54c0c54bce5c8e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\185504.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\18912.bat

Filesize
123B

MD5
9dcd50ba2cbc16066b46e2a2649487a4

SHA1
166a4ce17657539e3b125eed27bcc6b0de9486f8

SHA256
d37a5e72ae41455d3c78bf6bf08bd3de6431d46e00554ca050daef7449fb23e8

SHA512
f49391ada753685123a8fccac0372647d5bbaab0ee01d371e24c692cdb0a7f25db482ab25dd3874cb9698ca39888a14491998061eb742f2e72930c368b9acdc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\18912.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\18912.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\18912.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\18912.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\228016.txt

Filesize
5B

MD5
f8aee2c37235d0f679aa23371280367e

SHA1
d11f075a098edf1d33068b9847ea16eaf95f367f

SHA256
e9bb7915230bc6310ef529f96d32634eb2310ac6b32562174f4cb914a39bf48c

SHA512
5bfeb6dea3ff7809ed059f488cea450ec0a388b3e5d96a3906270c2a36072948cc7ae4750520444aa2ae249c1ca5175d373c0acf5badd49e77940b7d22f08db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\228016.txt

Filesize
5B

MD5
f8aee2c37235d0f679aa23371280367e

SHA1
d11f075a098edf1d33068b9847ea16eaf95f367f

SHA256
e9bb7915230bc6310ef529f96d32634eb2310ac6b32562174f4cb914a39bf48c

SHA512
5bfeb6dea3ff7809ed059f488cea450ec0a388b3e5d96a3906270c2a36072948cc7ae4750520444aa2ae249c1ca5175d373c0acf5badd49e77940b7d22f08db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\26620.bat

Filesize
122B

MD5
eaf9d94ab347c0eba5ca9c5634016cef

SHA1
f9fc2d2537b24c3ef5ec590b5f324cb451f321ce

SHA256
18b9cdbf2a4eca3ab0201ca7ed625a1ff81d29b94dce029139ed9926080dca01

SHA512
c67b47f7b23198952df6d8d37e280cdbfe120d5057bb0badb120e2e1028e2c61a50a57631d04c5e29a49702100ada641bab29494ae3f65b70f08af2f2daf5fb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\330107.txt

Filesize
5B

MD5
2a95da8aab3b748d2f96e4503653181e

SHA1
43e1c9e049c6980094d5c386ac8c61882897c293

SHA256
4c1af3777bc2862c4e6e5eb6a229715ed00fb988f83cba9baa9268b9624fda33

SHA512
b93628c411e529ba108c5d453514ade39b74d517fa05ceee1db8ae6220fbc6ff7499e4bea9e5393e7a00e57215f31651b1bddc6c13b16211d7b7a1801fadaec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\330107.txt

Filesize
5B

MD5
2a95da8aab3b748d2f96e4503653181e

SHA1
43e1c9e049c6980094d5c386ac8c61882897c293

SHA256
4c1af3777bc2862c4e6e5eb6a229715ed00fb988f83cba9baa9268b9624fda33

SHA512
b93628c411e529ba108c5d453514ade39b74d517fa05ceee1db8ae6220fbc6ff7499e4bea9e5393e7a00e57215f31651b1bddc6c13b16211d7b7a1801fadaec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\330630.txt

Filesize
5B

MD5
b3bf6193684f3983bb8642c8add75a4a

SHA1
d36e1dd7195e2b4ee1b7a81cfb61614313edb4d6

SHA256
ff6669a3b4ccafc82ecf0356eb155d99ad4bfd68afbbf633c2cc123949561063

SHA512
b5c8ecd66fcc627571a8ab4956b41bd56833f87f37b4b2e964d1a6a534fd67023fc781d98419d960bef02ece576cdccaeef147c454c8d7341750056609d59d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\40456.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\40456.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\429316.txt

Filesize
5B

MD5
edfc6705ce43fac4bdba09653b2ca9b2

SHA1
bbc753cbb8e10538f4c8ce11b76c2ff10af21699

SHA256
12c8b3c288f27c5628649f2cec727a5ae9e9e385860679f07b970a6dab9ecc50

SHA512
305910f69b58ebd2177c8ea0bec62ad55157f27a440292e8ef1e7b40ae8a0cf6668b57abdcf035148a3e79a3883e14059275677dd418f863c46f3bc0477ba9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\55996.txt

Filesize
4B

MD5
c0ad6deb373037e7f63f219c850e3396

SHA1
b390e960d257506a938fe68a9486467cb6e46eed

SHA256
d97e1bd72e23f2269d06278d25558fad825fb0039d27cfab71eee2cf220873ab

SHA512
4eac11d6a3438e728ec880939c42da1cfb85557d6342e3328fd9a1916724496e68b954ccc2005504f5de5d16234b2dcafa2a7c482bdfbd57bec1cd8a54d5188f

Download Submit
C:\Users\Admin\AppData\Local\Temp\55996.txt

Filesize
4B

MD5
c0ad6deb373037e7f63f219c850e3396

SHA1
b390e960d257506a938fe68a9486467cb6e46eed

SHA256
d97e1bd72e23f2269d06278d25558fad825fb0039d27cfab71eee2cf220873ab

SHA512
4eac11d6a3438e728ec880939c42da1cfb85557d6342e3328fd9a1916724496e68b954ccc2005504f5de5d16234b2dcafa2a7c482bdfbd57bec1cd8a54d5188f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7398.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\7398.bat

Filesize
84B

MD5
b1e4892fcd293acc7cb325f9ce84c85a

SHA1
d80688b54ccd29ffea8a06c154bf5803b8c3fdfd

SHA256
ba61dac0a386c0972bf4ca93f98ae9c541361f67523e153895ab8b2f944565ef

SHA512
766762185355d0a29f7604d946b8f7cfdf5a03defe8b5725822b1d82d6b208afbe243b2fa6295fca741bfdb2ab527ebdb1ba3f0b9c89e1f0efce6f051316f691

Download Submit
C:\Users\Admin\AppData\Local\Temp\816745.txt

Filesize
5B

MD5
587dab0fe0d84d649f235cd521c8b8cc

SHA1
8c4854037904e0cf3a0d2672c04fd89db5dee651

SHA256
7ca6b382386e703d69f46cd64decf30f7e975a76e3c4820cb4c101ae57458dae

SHA512
6d41dcf6e13d75dff34847fcdf95a3734277315f6cffd8aef784c1baa5e624594401fd2311d9fef493bbd650878e6715d6067a416a63d52920c314ce9b8475cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\816745.txt

Filesize
5B

MD5
587dab0fe0d84d649f235cd521c8b8cc

SHA1
8c4854037904e0cf3a0d2672c04fd89db5dee651

SHA256
7ca6b382386e703d69f46cd64decf30f7e975a76e3c4820cb4c101ae57458dae

SHA512
6d41dcf6e13d75dff34847fcdf95a3734277315f6cffd8aef784c1baa5e624594401fd2311d9fef493bbd650878e6715d6067a416a63d52920c314ce9b8475cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\817268.txt

Filesize
5B

MD5
c89cef51792c2c4420221ba3964e5165

SHA1
23cb085e7ffc100386af93da46c56ccf779c09bc

SHA256
6e0484abec753b3e2e1e6cf29265dd77cc9568dd51dacaa9bb47398d5655ef2d

SHA512
abe53613486775b26217a96c01838f0e34b613b1145d6ea9116bde463cbd76600fdb32e8e05250fbbd9882c199cf2073686fe5fb33235033b281dc585d949ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\817268.txt

Filesize
5B

MD5
c89cef51792c2c4420221ba3964e5165

SHA1
23cb085e7ffc100386af93da46c56ccf779c09bc

SHA256
6e0484abec753b3e2e1e6cf29265dd77cc9568dd51dacaa9bb47398d5655ef2d

SHA512
abe53613486775b26217a96c01838f0e34b613b1145d6ea9116bde463cbd76600fdb32e8e05250fbbd9882c199cf2073686fe5fb33235033b281dc585d949ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\817268.txt

Filesize
5B

MD5
c89cef51792c2c4420221ba3964e5165

SHA1
23cb085e7ffc100386af93da46c56ccf779c09bc

SHA256
6e0484abec753b3e2e1e6cf29265dd77cc9568dd51dacaa9bb47398d5655ef2d

SHA512
abe53613486775b26217a96c01838f0e34b613b1145d6ea9116bde463cbd76600fdb32e8e05250fbbd9882c199cf2073686fe5fb33235033b281dc585d949ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\817268.txt

Filesize
5B

MD5
c89cef51792c2c4420221ba3964e5165

SHA1
23cb085e7ffc100386af93da46c56ccf779c09bc

SHA256
6e0484abec753b3e2e1e6cf29265dd77cc9568dd51dacaa9bb47398d5655ef2d

SHA512
abe53613486775b26217a96c01838f0e34b613b1145d6ea9116bde463cbd76600fdb32e8e05250fbbd9882c199cf2073686fe5fb33235033b281dc585d949ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\817268.txt

Filesize
5B

MD5
c89cef51792c2c4420221ba3964e5165

SHA1
23cb085e7ffc100386af93da46c56ccf779c09bc

SHA256
6e0484abec753b3e2e1e6cf29265dd77cc9568dd51dacaa9bb47398d5655ef2d

SHA512
abe53613486775b26217a96c01838f0e34b613b1145d6ea9116bde463cbd76600fdb32e8e05250fbbd9882c199cf2073686fe5fb33235033b281dc585d949ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\817268.txt

Filesize
5B

MD5
c89cef51792c2c4420221ba3964e5165

SHA1
23cb085e7ffc100386af93da46c56ccf779c09bc

SHA256
6e0484abec753b3e2e1e6cf29265dd77cc9568dd51dacaa9bb47398d5655ef2d

SHA512
abe53613486775b26217a96c01838f0e34b613b1145d6ea9116bde463cbd76600fdb32e8e05250fbbd9882c199cf2073686fe5fb33235033b281dc585d949ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\817535.txt

Filesize
5B

MD5
276d18b2db1978d562fa17920c57977f

SHA1
c05cddcf739c95c5d5189fbf2c21e216a4f50644

SHA256
0482e374a683c23f3ba43d31639452d01aec76ace6e2efb75b503d72be1d11c3

SHA512
a295202bf194d250441518b385a29137e925fbe7e146c2743bc318d0826d4b6b8225f79d65e1675b08866c193b914a39c05458db666f197445a4e72a5b8b636d

Download Submit
C:\Users\Admin\AppData\Local\Temp\817535.txt

Filesize
5B

MD5
276d18b2db1978d562fa17920c57977f

SHA1
c05cddcf739c95c5d5189fbf2c21e216a4f50644

SHA256
0482e374a683c23f3ba43d31639452d01aec76ace6e2efb75b503d72be1d11c3

SHA512
a295202bf194d250441518b385a29137e925fbe7e146c2743bc318d0826d4b6b8225f79d65e1675b08866c193b914a39c05458db666f197445a4e72a5b8b636d

Download Submit
C:\Users\Admin\AppData\Local\Temp\86288.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\925389.txt

Filesize
5B

MD5
c334ba61fe74aa5c2172b40beaf5bdb1

SHA1
2e86acc8bf127c8214abe6ee3cd95fe661575db0

SHA256
41bee82cc0b1bb23541f623a0f0377f187f572e361dfb893dedaa999e8167398

SHA512
7cad7263de7ce7e617fb95ca3db7d37db5c4889ab70c72e360bcd334cc0d666506659cdf96a2cbb23cb1a849e43ed1f80a185993d71583ab34165376e4db281c

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe

Filesize
3.0MB

MD5
8c7859b42f06123a9a75cf887d50b5a9

SHA1
bd982ae9dfeb389896ff384ca2a03a7a3dfa220f

SHA256
601c5150c9eb53ec46feef90fee3c295145dd0fee8ae0b712ea4000005bdb38e

SHA512
545a0ee675a9337cfc5db19af381ade83661e720baa950b83d641f5cd7c4cc897cea6ab315fe9a82c3ff99796e1b267e1212807e96d1faf1130d7ee88b19c60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe

Filesize
3.0MB

MD5
8c7859b42f06123a9a75cf887d50b5a9

SHA1
bd982ae9dfeb389896ff384ca2a03a7a3dfa220f

SHA256
601c5150c9eb53ec46feef90fee3c295145dd0fee8ae0b712ea4000005bdb38e

SHA512
545a0ee675a9337cfc5db19af381ade83661e720baa950b83d641f5cd7c4cc897cea6ab315fe9a82c3ff99796e1b267e1212807e96d1faf1130d7ee88b19c60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe

Filesize
3.0MB

MD5
8c7859b42f06123a9a75cf887d50b5a9

SHA1
bd982ae9dfeb389896ff384ca2a03a7a3dfa220f

SHA256
601c5150c9eb53ec46feef90fee3c295145dd0fee8ae0b712ea4000005bdb38e

SHA512
545a0ee675a9337cfc5db19af381ade83661e720baa950b83d641f5cd7c4cc897cea6ab315fe9a82c3ff99796e1b267e1212807e96d1faf1130d7ee88b19c60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe

Filesize
3.0MB

MD5
8c7859b42f06123a9a75cf887d50b5a9

SHA1
bd982ae9dfeb389896ff384ca2a03a7a3dfa220f

SHA256
601c5150c9eb53ec46feef90fee3c295145dd0fee8ae0b712ea4000005bdb38e

SHA512
545a0ee675a9337cfc5db19af381ade83661e720baa950b83d641f5cd7c4cc897cea6ab315fe9a82c3ff99796e1b267e1212807e96d1faf1130d7ee88b19c60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe

Filesize
3.0MB

MD5
8c7859b42f06123a9a75cf887d50b5a9

SHA1
bd982ae9dfeb389896ff384ca2a03a7a3dfa220f

SHA256
601c5150c9eb53ec46feef90fee3c295145dd0fee8ae0b712ea4000005bdb38e

SHA512
545a0ee675a9337cfc5db19af381ade83661e720baa950b83d641f5cd7c4cc897cea6ab315fe9a82c3ff99796e1b267e1212807e96d1faf1130d7ee88b19c60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe

Filesize
3.0MB

MD5
8c7859b42f06123a9a75cf887d50b5a9

SHA1
bd982ae9dfeb389896ff384ca2a03a7a3dfa220f

SHA256
601c5150c9eb53ec46feef90fee3c295145dd0fee8ae0b712ea4000005bdb38e

SHA512
545a0ee675a9337cfc5db19af381ade83661e720baa950b83d641f5cd7c4cc897cea6ab315fe9a82c3ff99796e1b267e1212807e96d1faf1130d7ee88b19c60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a05.exe

Filesize
3.0MB

MD5
8c7859b42f06123a9a75cf887d50b5a9

SHA1
bd982ae9dfeb389896ff384ca2a03a7a3dfa220f

SHA256
601c5150c9eb53ec46feef90fee3c295145dd0fee8ae0b712ea4000005bdb38e

SHA512
545a0ee675a9337cfc5db19af381ade83661e720baa950b83d641f5cd7c4cc897cea6ab315fe9a82c3ff99796e1b267e1212807e96d1faf1130d7ee88b19c60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a02.exe

Filesize
3.0MB

MD5
cd9ccbf1c8dc1adab2c4ac64dcb8005b

SHA1
e2404eb2c6d4a8ba19ede8457cb7e9e1b0b57ae1

SHA256
0733a6eb08fdab822e4646214b0db2ae1d134014237be7c3d590ae93e035ce10

SHA512
c8cf98ee7c6e0bd4f2ff873a994c759dd42b15f0281f9e167c4c2df84fe3b8b34fd4edb5d4edc516739514ca94c6b2036fa8ac496b22a6a4712937dc93b70ea8

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a03.exe

Filesize
3.0MB

MD5
c03c908262bb1a4bee0c08254b3191d4

SHA1
ffc1eb3c94fade2be8436aa95f71df48c7b8b10e

SHA256
3deaf0bb9706299e2d48e37bce2ccb792aa1986e0fe7da7cb1c036f073fdfb38

SHA512
ab77a8a09246a850ff6f0a841a457bda8ce17ac2abb82e1e1eb4126e3696510afdbb3f1055e723d829ae4424bf549bca24738584fc91f9c5e8d6c9f80c2b9164

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.6f432490508bc0235c1cc0fae49944a08.exe

Filesize
3.0MB

MD5
44179349a5afb6042436b1591b137067

SHA1
c791b011d838b830b48c87126cbf061839bbdbea

SHA256
823478f26c9296c9388baf5d038dd4418f66eda5a3f30d9e7993da851baa615b

SHA512
139adb3cad39b06cc70ff1dfc9353a807d5bb51be5e8280d21ae905337651a8a3381c892567dd63031dbb7a780244259bcfe16797363ed11669366f0588adf60

Download Submit
memory/340-289-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/436-300-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/548-305-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/776-17-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/848-298-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/872-288-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1088-291-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1092-299-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1280-296-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1532-123-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1536-293-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1660-303-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1664-290-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1796-304-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1920-302-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1980-287-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1992-285-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2136-184-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2152-292-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2312-301-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2340-297-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2476-286-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2488-15-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2496-14-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2520-12-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2612-3-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2772-5-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2792-117-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2840-18-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2936-295-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2956-185-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3036-294-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3040-13-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3460-271-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download