b9b4aba03c598333be28859e7f9b239de20464758056744354edecaba925d4f2

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Size

3.0MB
MD5

88e1eea9cc6e39cede24101cb66429f0
SHA1

bf292de1183bdd8861199ad4e010d2f0d43fab19
SHA256

b9b4aba03c598333be28859e7f9b239de20464758056744354edecaba925d4f2
SHA512

d5771615396523f836f10ee88dda515777837824c76631b12c0e2caeb17ccd7a97af627926f3efa6ffc0d3180be415e592a43e22c28b7d1dc61b0c452e2895bb
SSDEEP

49152:j495UciMmq/NhjX5p3JOCdLAweZnE5c965nqqIP2ItdX:jk5LhzACdLAlnE5co5nqqIP2ItdX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2200	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2056	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
1072	NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
556	NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
2028	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2796	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
2684	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
1488	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
2800	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
2372	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
1736	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
628	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
1676	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
1028	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2264	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
2160	NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
2784	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2772	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2680	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2848	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2408	NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
1768	NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
828	NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
584	NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
2336	cmd.exe
1468	cmd.exe
1556	NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
2268	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2484	cmd.exe
2660	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
1056	NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
2044	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
984	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
1964	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
1980	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3076	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3124	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3172	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3216	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3268	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3316	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3352	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3404	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3452	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3500	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3528	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3628	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3636	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3736	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3752	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3796	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3876	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3892	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3976	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
4000	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
4088	NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
3088	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3108	cmd.exe
3512	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2672	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
3664	cmd.exe
612	NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
3720	NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
3012	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Loads dropped DLL 64 IoCs

pid	Process
2840	cmd.exe
2840	cmd.exe
3044	cmd.exe
3044	cmd.exe
1372	Process not Found
2116	Process not Found
2420	cmd.exe
2420	cmd.exe
2912	cmd.exe
2160	NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
2912	cmd.exe
2160	NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
700	cmd.exe
2268	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
700	cmd.exe
2984	cmd.exe
2052	cmd.exe
2268	NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
2984	cmd.exe
2052	cmd.exe
3020	cmd.exe
3020	cmd.exe
872	Process not Found
1740	Process not Found
1708	cmd.exe
2480	cmd.exe
292	cmd.exe
1708	cmd.exe
292	cmd.exe
1268	Process not Found
2480	cmd.exe
2916	cmd.exe
2336	cmd.exe
1996	Process not Found
2916	cmd.exe
892	Process not Found
2336	cmd.exe
1936	Process not Found
2712	Process not Found
3044	cmd.exe
3040	cmd.exe
3044	cmd.exe
3040	cmd.exe
1880	conhost.exe
2432	Process not Found
1804	cmd.exe
1660	Process not Found
1804	cmd.exe
1496	cmd.exe
1496	cmd.exe
1124	Process not Found
700	cmd.exe
1624	cmd.exe
2912	cmd.exe
2484	cmd.exe
2276	cmd.exe
1928	cmd.exe
700	cmd.exe
1624	cmd.exe
2912	cmd.exe
2484	cmd.exe
2276	cmd.exe
1928	cmd.exe
1920	Process not Found

Kills process with taskkill 64 IoCs

evasion

pid	Process
268	Process not Found
5920	taskkill.exe
1748	taskkill.exe
11196	taskkill.exe
8892	taskkill.exe
8372	taskkill.exe
6428	taskkill.exe
11836	Process not Found
7112	taskkill.exe
1944	taskkill.exe
7016	taskkill.exe
11188	taskkill.exe
7680	taskkill.exe
6224	taskkill.exe
8584	taskkill.exe
6628	taskkill.exe
6728	taskkill.exe
6904	taskkill.exe
1028	taskkill.exe
10504	taskkill.exe
12700	Process not Found
7832	taskkill.exe
10312	taskkill.exe
10700	taskkill.exe
10896	taskkill.exe
11240	taskkill.exe
11248	taskkill.exe
6716	taskkill.exe
6708	taskkill.exe
8448	taskkill.exe
10320	taskkill.exe
5612	Process not Found
6832	taskkill.exe
6620	taskkill.exe
7744	taskkill.exe
11148	taskkill.exe
11172	taskkill.exe
5148	Process not Found
7720	taskkill.exe
10540	taskkill.exe
10712	taskkill.exe
11132	taskkill.exe
6328	taskkill.exe
5932	taskkill.exe
7620	taskkill.exe
12236	Process not Found
7000	taskkill.exe
8456	taskkill.exe
11140	taskkill.exe
11164	taskkill.exe
7012	taskkill.exe
7628	taskkill.exe
8244	taskkill.exe
10780	taskkill.exe
10440	taskkill.exe
7052	taskkill.exe
7496	taskkill.exe
7908	taskkill.exe
7244	taskkill.exe
6608	taskkill.exe
7488	taskkill.exe
7760	taskkill.exe
10812	taskkill.exe
11156	taskkill.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeAssignPrimaryTokenPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeLockMemoryPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeIncreaseQuotaPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeMachineAccountPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeTcbPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSecurityPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeTakeOwnershipPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeLoadDriverPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSystemProfilePrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSystemtimePrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeProfSingleProcessPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeIncBasePriorityPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreatePagefilePrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreatePermanentPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeBackupPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeRestorePrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeShutdownPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeDebugPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeAuditPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSystemEnvironmentPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeChangeNotifyPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeRemoteShutdownPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeUndockPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSyncAgentPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeEnableDelegationPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeManageVolumePrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeImpersonatePrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreateGlobalPrivilege	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: 31	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: 32	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: 33	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: 34	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: 35	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreateTokenPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeAssignPrimaryTokenPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeLockMemoryPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreateTokenPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeIncreaseQuotaPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeAssignPrimaryTokenPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeLockMemoryPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeMachineAccountPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeIncreaseQuotaPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeTcbPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeMachineAccountPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSecurityPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeTcbPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSecurityPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeTakeOwnershipPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeTakeOwnershipPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeLoadDriverPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeLoadDriverPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSystemProfilePrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSystemProfilePrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSystemtimePrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeSystemtimePrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeProfSingleProcessPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeProfSingleProcessPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeIncBasePriorityPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreatePagefilePrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeIncBasePriorityPrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreatePermanentPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeCreatePagefilePrivilege	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
Token: SeBackupPrivilege	2384	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2892	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	29
PID 1148 wrote to memory of 2892	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	29
PID 1148 wrote to memory of 2892	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	29
PID 2892 wrote to memory of 2164	2892	cmd.exe	30
PID 2892 wrote to memory of 2164	2892	cmd.exe	30
PID 2892 wrote to memory of 2164	2892	cmd.exe	30
PID 1148 wrote to memory of 2444	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	31
PID 1148 wrote to memory of 2444	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	31
PID 1148 wrote to memory of 2444	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	31
PID 2444 wrote to memory of 2384	2444	cmd.exe	33
PID 2444 wrote to memory of 2384	2444	cmd.exe	33
PID 2444 wrote to memory of 2384	2444	cmd.exe	33
PID 1148 wrote to memory of 2736	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	34
PID 1148 wrote to memory of 2736	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	34
PID 1148 wrote to memory of 2736	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	34
PID 2736 wrote to memory of 2808	2736	cmd.exe	36
PID 2736 wrote to memory of 2808	2736	cmd.exe	36
PID 2736 wrote to memory of 2808	2736	cmd.exe	36
PID 1148 wrote to memory of 2860	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	38
PID 1148 wrote to memory of 2860	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	38
PID 1148 wrote to memory of 2860	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	38
PID 2164 wrote to memory of 1976	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	40
PID 2164 wrote to memory of 1976	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	40
PID 2164 wrote to memory of 1976	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	40
PID 2860 wrote to memory of 2700	2860	cmd.exe	39
PID 2860 wrote to memory of 2700	2860	cmd.exe	39
PID 2860 wrote to memory of 2700	2860	cmd.exe	39
PID 1148 wrote to memory of 2600	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	41
PID 1148 wrote to memory of 2600	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	41
PID 1148 wrote to memory of 2600	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	41
PID 2164 wrote to memory of 2840	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	42
PID 2164 wrote to memory of 2840	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	42
PID 2164 wrote to memory of 2840	2164	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	42
PID 2600 wrote to memory of 2880	2600	cmd.exe	43
PID 2600 wrote to memory of 2880	2600	cmd.exe	43
PID 2600 wrote to memory of 2880	2600	cmd.exe	43
PID 1148 wrote to memory of 2628	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	45
PID 1148 wrote to memory of 2628	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	45
PID 1148 wrote to memory of 2628	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	45
PID 2808 wrote to memory of 2680	2808	cmd.exe	401
PID 2808 wrote to memory of 2680	2808	cmd.exe	401
PID 2808 wrote to memory of 2680	2808	cmd.exe	401
PID 2628 wrote to memory of 2864	2628	cmd.exe	48
PID 2628 wrote to memory of 2864	2628	cmd.exe	48
PID 2628 wrote to memory of 2864	2628	cmd.exe	48
PID 1148 wrote to memory of 2648	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	235
PID 1148 wrote to memory of 2648	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	235
PID 1148 wrote to memory of 2648	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	235
PID 2648 wrote to memory of 2596	2648	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe	155
PID 2648 wrote to memory of 2596	2648	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe	155
PID 2648 wrote to memory of 2596	2648	NEAS.88e1eea9cc6e39cede24101cb66429f00.exe	155
PID 1148 wrote to memory of 2612	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	53
PID 1148 wrote to memory of 2612	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	53
PID 1148 wrote to memory of 2612	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	53
PID 2612 wrote to memory of 2636	2612	cmd.exe	54
PID 2612 wrote to memory of 2636	2612	cmd.exe	54
PID 2612 wrote to memory of 2636	2612	cmd.exe	54
PID 1148 wrote to memory of 2764	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	56
PID 1148 wrote to memory of 2764	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	56
PID 1148 wrote to memory of 2764	1148	NEAS.88e1eea9cc6e39cede24101cb66429f0.exe	56
PID 2808 wrote to memory of 3044	2808	cmd.exe	439
PID 2808 wrote to memory of 3044	2808	cmd.exe	439
PID 2808 wrote to memory of 3044	2808	cmd.exe	439
PID 2840 wrote to memory of 2200	2840	cmd.exe	57

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:2164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+730463.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
      4⤵
      PID:1976
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
        5⤵
        Executes dropped EXE
        
        PID:2200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        Executes dropped EXE
        
        PID:2848
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:1708
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        Executes dropped EXE
        
        PID:1964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+06353.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        8⤵
        
        PID:5548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        9⤵
        
        PID:5832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9704
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:10700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+027666.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        8⤵
        
        PID:6732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
        7⤵
        Executes dropped EXE
        
        PID:2680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        9⤵
        
        PID:1152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        10⤵
        
        PID:7092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        11⤵
        
        PID:9132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        10⤵
        
        PID:10160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        10⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        11⤵
        
        PID:10096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        9⤵
        
        PID:4988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        9⤵
        
        PID:4564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+82693.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe
        10⤵
        
        PID:9980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe 1698529750
        10⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe 1698529750
        11⤵
        
        PID:11484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+011824.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        10⤵
        
        PID:12340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        10⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        9⤵
        
        PID:6808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        8⤵
        
        PID:7416
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        9⤵
        Kills process with taskkill
        
        PID:6224
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        Executes dropped EXE
        
        PID:3172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+06353.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        8⤵
        
        PID:5580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        9⤵
        
        PID:6836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9656
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:11148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+027666.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        8⤵
        
        PID:7396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        8⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        9⤵
        
        PID:10244
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
        7⤵
        
        PID:2748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        8⤵
        
        PID:6280
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        9⤵
        Kills process with taskkill
        
        PID:6832
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        Executes dropped EXE
        
        PID:3892
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        Executes dropped EXE
        
        PID:4000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626804.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        8⤵
        
        PID:7016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        9⤵
        
        PID:8808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:8504
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:8584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+326312.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
        8⤵
        
        PID:9596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
        9⤵
        
        PID:11816
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
        8⤵
        
        PID:3164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+627850.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
        9⤵
        
        PID:5896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
        9⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
        10⤵
        
        PID:8088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        11⤵
        
        PID:7108
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        12⤵
        
        PID:10824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+12752.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
        9⤵
        
        PID:8488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
        9⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
        10⤵
        
        PID:10000
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        Executes dropped EXE
        
        PID:2672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626804.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        8⤵
        
        PID:6976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        9⤵
        
        PID:8824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:1764
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:8892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+326312.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
        8⤵
        
        PID:9976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
        9⤵
        
        PID:3528
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        8⤵
        Executes dropped EXE
        
        PID:3124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+06353.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        9⤵
        
        PID:5488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        10⤵
        
        PID:5660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        11⤵
        
        PID:9664
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        12⤵
        Kills process with taskkill
        
        PID:11164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+027666.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        9⤵
        
        PID:6744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        9⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        10⤵
        
        PID:2356
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        
        PID:4168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe
        8⤵
        
        PID:7128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe 1698529750
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe 1698529750
        9⤵
        
        PID:8996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe
        8⤵
        
        PID:6952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe 1698529750
        8⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe 1698529750
        9⤵
        
        PID:11408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        Executes dropped EXE
        
        PID:3664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        7⤵
        
        PID:6160
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        8⤵
        Kills process with taskkill
        
        PID:1028
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:3564
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:3468
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:3296
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:3208
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:288
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:2552
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        Loads dropped DLL
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        
        PID:2796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+58033.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
        8⤵
        
        PID:4260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
        9⤵
        
        PID:3136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:6760
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:7908
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        Loads dropped DLL
        
        PID:3040
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:2480
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        
        PID:4700
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        
        PID:3332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        8⤵
        
        PID:4208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        9⤵
        
        PID:9188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:10208
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        Kills process with taskkill
        
        PID:11240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        8⤵
        
        PID:10152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        8⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        9⤵
        
        PID:11676
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        
        PID:4360
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        
        PID:5988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+82693.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe
        8⤵
        
        PID:9936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe 1698529750
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe 1698529750
        9⤵
        
        PID:11824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+011824.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        8⤵
        
        PID:12592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        9⤵
        
        PID:4752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        
        PID:6860
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7372
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:7016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
      4⤵
      Loads dropped DLL
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
        5⤵
        Executes dropped EXE
        
        PID:1072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
        6⤵
        
        PID:3868
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
        6⤵
        
        PID:3952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
        6⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        7⤵
        Executes dropped EXE
        
        PID:3352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+95830.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        8⤵
        
        PID:5848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        9⤵
        
        PID:7072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        10⤵
        
        PID:9332
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        11⤵
        
        PID:10748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+66678.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        8⤵
        
        PID:8508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        9⤵
        
        PID:10228
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
        6⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
        7⤵
        
        PID:4924
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
        6⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
        7⤵
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe
        8⤵
        
        PID:7280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe 1698529750
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe 1698529750
        9⤵
        
        PID:9872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
        8⤵
        
        PID:10968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
        9⤵
        
        PID:13224
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
        7⤵
        
        PID:5404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5668
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:7012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:2808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+730463.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
      4⤵
      PID:2680
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
      4⤵
      PID:3044
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+39387.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
      4⤵
      Executes dropped EXE
      PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:2700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:2880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
      4⤵
      PID:2268
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2484
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /protect 1698529750
        5⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /protect 1698529750
        6⤵
        
        PID:1632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe
        7⤵
        
        PID:7192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe 1698529750
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe 1698529750
        8⤵
        
        PID:9896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe
        7⤵
        
        PID:11024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe 1698529750
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe 1698529750
        8⤵
        
        PID:13104
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /save 1698529750
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /save 1698529750
        6⤵
        
        PID:6012
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:396
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:6600
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+913314.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      4⤵
      PID:3032
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+08444.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      4⤵
      PID:2632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:2864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:2596
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+08444.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      4⤵
      PID:1908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
      4⤵
      Loads dropped DLL
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
        5⤵
        Executes dropped EXE
        
        PID:2800
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        7⤵
        Executes dropped EXE
        
        PID:3876
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        6⤵
        
        PID:3872
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        7⤵
        
        PID:4832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
        8⤵
        
        PID:7200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
        9⤵
        
        PID:6872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
        8⤵
        
        PID:9108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
        8⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
        9⤵
        
        PID:11960
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        7⤵
        
        PID:4664
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        7⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+82693.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe
        8⤵
        
        PID:10116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe 1698529750
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe 1698529750
        9⤵
        
        PID:11592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+011824.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f000.exe
        8⤵
        
        PID:12556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f000.exe 1698529750
        8⤵
        
        PID:3504
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        7⤵
        
        PID:6844
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:7436
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:8456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:2636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:3052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
      4⤵
      Loads dropped DLL
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
        5⤵
        Executes dropped EXE
        
        PID:2684
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        7⤵
        
        PID:5000
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        7⤵
        
        PID:4876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
        8⤵
        
        PID:7120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
        9⤵
        
        PID:9040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        8⤵
        
        PID:10132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        8⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        9⤵
        
        PID:11576
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        7⤵
        
        PID:5244
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5680
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:6912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+08444.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      4⤵
      PID:856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
      4⤵
      Loads dropped DLL
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
        6⤵
        Executes dropped EXE
        
        PID:2264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        8⤵
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
        9⤵
        
        PID:7184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
        9⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
        10⤵
        
        PID:9028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        11⤵
        
        PID:13204
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        12⤵
        Kills process with taskkill
        
        PID:10440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        9⤵
        
        PID:10168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        10⤵
        
        PID:11668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        8⤵
        
        PID:4164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        8⤵
        
        PID:5996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        7⤵
        
        PID:4632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        7⤵
        
        PID:6120
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        8⤵
        Kills process with taskkill
        
        PID:6620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+913314.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      4⤵
      PID:792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:2832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:896
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:3056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
      4⤵
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
        5⤵
        
        PID:3016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+921167.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      4⤵
      PID:548
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
      4⤵
      Loads dropped DLL
      PID:1496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+729941.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
      4⤵
      PID:1716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:1584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:1592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:1716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:2540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:3032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:1880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
    3⤵
    PID:1932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+94784.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
      4⤵
      PID:6960
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        5⤵
        
        PID:9076
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:13136
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:10504
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+730239.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe
      4⤵
      PID:10236
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe 1698529750
      4⤵
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe 1698529750
        5⤵
        
        PID:12012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:3304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
    3⤵
    - Executes dropped EXE
    PID:3720
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+94784.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
      4⤵
      PID:7004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
      4⤵
      PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
        5⤵
        
        PID:9624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+730239.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe
      4⤵
      PID:10880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe 1698529750
      4⤵
      PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe 1698529750
        5⤵
        
        PID:5572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:3524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+39387.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
      4⤵
      Loads dropped DLL
      PID:2480
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+94784.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      4⤵
      PID:6952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
        5⤵
        
        PID:9088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+730239.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
      4⤵
      PID:10012
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
      4⤵
      PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
        5⤵
        
        PID:11700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:1464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:3832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:4116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:4528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe
      4⤵
      PID:7056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe 1698529750
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe 1698529750
        5⤵
        
        PID:8848
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:5756
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:10812
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
      4⤵
      PID:10104
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
      4⤵
      PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
        5⤵
        
        PID:11492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:3964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:3728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:3508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:3420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:3200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:2988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:4668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:4308
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
      4⤵
      PID:7176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
        5⤵
        
        PID:9180
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:10192
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        
        PID:8600
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      4⤵
      PID:10176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
      4⤵
      PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
        5⤵
        
        PID:8936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:5640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:5940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:1904
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:7112

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:1272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+318147.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
  2⤵
  PID:3440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+58033.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
  2⤵
  PID:2456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe 1698529750
  2⤵
  PID:4496
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe 1698529750
    3⤵
    PID:4856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6560
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+08444.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
1⤵
PID:1600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+08444.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
1⤵
PID:1624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+08444.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
1⤵
PID:2216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+419192.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
1⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:2112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+318147.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
  2⤵
  PID:3608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:3688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
  2⤵
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
    3⤵
    - Executes dropped EXE
    PID:3452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+58033.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe
  2⤵
  PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe 1698529750
  2⤵
  PID:4708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe 1698529750
    3⤵
    PID:2396
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6752
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7832

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:2008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+07398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  2⤵
  PID:4068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
  2⤵
  PID:3888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
    3⤵
    PID:4332
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6340
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+14106.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
  2⤵
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:4076
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+626804.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
      4⤵
      PID:6992
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
      4⤵
      PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
        5⤵
        
        PID:9052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+326312.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
      4⤵
      PID:10212
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
        5⤵
        
        PID:11600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
  2⤵
  PID:3244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
    3⤵
    - Executes dropped EXE
    PID:3316
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+95830.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
      4⤵
      PID:5112
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        5⤵
        
        PID:8432
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:10088
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:10780
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+66678.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
      4⤵
      PID:8700
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
      4⤵
      PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        5⤵
        
        PID:8888

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
  2⤵
  PID:3200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
    3⤵
    - Executes dropped EXE
    PID:3012
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6168
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:6456
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
    3⤵
    PID:3260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+14106.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
  2⤵
  PID:2528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
  2⤵
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
    3⤵
    PID:4324
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6408
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:7672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+07398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  2⤵
  PID:4052

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
  2⤵
  PID:3716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
    3⤵
    - Executes dropped EXE
    PID:3796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:5812
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:2612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
  2⤵
  PID:3984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+4179.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
  2⤵
  PID:3868
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
    3⤵
    PID:4352
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+94784.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
      4⤵
      PID:6936
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
        5⤵
        
        PID:9616
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+730239.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe
      4⤵
      PID:10984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe 1698529750
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe 1698529750
        5⤵
        
        PID:13028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+729418.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  2⤵
  PID:3620

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:1700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
  2⤵
  PID:1280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+417240.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
  2⤵
  PID:1604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
  2⤵
  - Loads dropped DLL
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
    3⤵
    - Executes dropped EXE
    PID:2056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        5⤵
        
        PID:4684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        5⤵
        
        PID:4312
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        6⤵
        
        PID:7148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
        7⤵
        
        PID:9196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        8⤵
        
        PID:6196
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        9⤵
        
        PID:10448
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        6⤵
        
        PID:9340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        6⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
        7⤵
        
        PID:11952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
        5⤵
        
        PID:6004
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+82693.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe
        6⤵
        
        PID:10020
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe 1698529750
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f078.exe 1698529750
        7⤵
        
        PID:9592
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+011824.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
        6⤵
        
        PID:12152
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
        6⤵
        
        PID:4624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
      4⤵
      PID:4612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
        5⤵
        
        PID:6852
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:7380
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:2160
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:2028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
    3⤵
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
      4⤵
      Executes dropped EXE
      PID:3636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+318147.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
    3⤵
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
      4⤵
      PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+58033.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
    3⤵
    PID:4384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
      4⤵
      PID:4380
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:6768
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:7852

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:2640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
  2⤵
  - Loads dropped DLL
  PID:292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
    3⤵
    - Executes dropped EXE
    PID:628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        5⤵
        
        PID:5032
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
      4⤵
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
        5⤵
        
        PID:4760
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+94262.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        6⤵
        
        PID:7408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        6⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        7⤵
        
        PID:10276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+39251.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe
        6⤵
        
        PID:10816
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe 1698529750
        6⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe 1698529750
        7⤵
        
        PID:12204
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
        5⤵
        
        PID:5964
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:4668
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:6328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
  2⤵
  - Loads dropped DLL
  PID:1624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+913314.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+06875.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
    3⤵
    PID:5108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
    3⤵
    PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
      4⤵
      PID:6044
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:9696
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:11140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+515886.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
    3⤵
    PID:5768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
    3⤵
    PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
      4⤵
      PID:7088
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:9732
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:11196

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
1⤵
- Executes dropped EXE
PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
  2⤵
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
    3⤵
    PID:4368
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f032.exe
      4⤵
      PID:6196
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f032.exe 1698529750
      4⤵
      PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f032.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f032.exe 1698529750
        5⤵
        
        PID:9096
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f034.exe
      4⤵
      PID:10224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f034.exe 1698529750
      4⤵
      PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f034.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f034.exe 1698529750
        5⤵
        
        PID:10904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
  2⤵
  PID:3988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
  2⤵
  PID:3304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
    3⤵
    PID:3364
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+95830.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      4⤵
      PID:5672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
        5⤵
        
        PID:7900
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        6⤵
        
        PID:9556
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        7⤵
        Kills process with taskkill
        
        PID:10312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+66678.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
      4⤵
      PID:8596
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
      4⤵
      PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
        5⤵
        
        PID:11212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
  2⤵
  PID:4568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
    3⤵
    PID:4952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
  2⤵
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
    3⤵
    PID:4888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe
      4⤵
      PID:7252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe 1698529750
      4⤵
      PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f036.exe 1698529750
        5⤵
        
        PID:9864
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
      4⤵
      PID:10832
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
      4⤵
      PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
        5⤵
        
        PID:13212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
  2⤵
  PID:5804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
    3⤵
    PID:6052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6104
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    PID:700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Loads dropped DLL
PID:3020
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
  2⤵
  - Executes dropped EXE
  PID:2372

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:1404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+318147.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
  2⤵
  PID:3416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
  2⤵
  PID:4064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
    3⤵
    PID:3376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6352
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+58033.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe
  2⤵
  PID:2780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe 1698529750
  2⤵
  PID:4488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f05.exe 1698529750
    3⤵
    PID:4824
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:6540
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:7628
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /protect 1698529750
  2⤵
  PID:5168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe+94262.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe
    3⤵
    PID:8108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe 1698529750
    3⤵
    PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe 1698529750
      4⤵
      PID:10376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe+39251.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f043.exe
    3⤵
    PID:10952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f043.exe 1698529750
    3⤵
    PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f043.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f043.exe 1698529750
      4⤵
      PID:13036

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
1⤵
PID:1708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
- Loads dropped DLL
PID:2916
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+728895.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
    3⤵
    PID:4244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
      4⤵
      PID:1728
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:6776
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:7744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+011959.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
    3⤵
    PID:4756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
      4⤵
      PID:4840
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:9688
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:10692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:1600
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
  2⤵
  - Executes dropped EXE
  PID:2660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:548

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "847860794-1688466398-1278746897-8016224038123392331084545878507814553404525223"
1⤵
PID:2596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
  2⤵
  PID:2912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+913314.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
  2⤵
  PID:2392

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
1⤵
- Executes dropped EXE
PID:1056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
  2⤵
  PID:4344
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
    3⤵
    PID:5208
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe
      4⤵
      PID:6204
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe 1698529750
      4⤵
      PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe 1698529750
        5⤵
        
        PID:9856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
      4⤵
      PID:10728
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        5⤵
        
        PID:3496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
  2⤵
  PID:5688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
    3⤵
    PID:6028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:5080
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6728

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:2136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+06353.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  2⤵
  PID:5408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
  2⤵
  PID:5696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
    3⤵
    PID:5980
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:2880
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:10320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+027666.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  2⤵
  PID:5640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
  2⤵
  PID:7308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
    3⤵
    PID:7948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:9720
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:11172

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:3216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:3500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+95307.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
    3⤵
    PID:6788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
    3⤵
    PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
      4⤵
      PID:8816
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:10128
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:11248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+218459.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe
    3⤵
    PID:9988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe 1698529750
    3⤵
    PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe 1698529750
      4⤵
      PID:11616

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:3576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+216056.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe
  2⤵
  PID:6800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe 1698529750
  2⤵
  PID:6996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f02.exe 1698529750
    3⤵
    PID:9164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:10148
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:6188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+822385.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f08.exe
  2⤵
  PID:9968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f08.exe 1698529750
  2⤵
  PID:8488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f08.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f08.exe 1698529750
    3⤵
    PID:11608

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:3628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:3088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:3148
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+94784.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
    3⤵
    PID:6920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
    3⤵
    PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f079.exe 1698529750
      4⤵
      PID:9124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+730239.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
    3⤵
    PID:9996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
    3⤵
    PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
      4⤵
      PID:10212

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:3348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:3708
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
  2⤵
  PID:4032

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
1⤵
PID:3136
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
  2⤵
  PID:3904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:6304
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:7052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
1⤵
PID:3672
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:3736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626804.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
    3⤵
    PID:6984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
    3⤵
    PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
      4⤵
      PID:9148
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:10188
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:8244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+326312.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
    3⤵
    PID:8220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
    3⤵
    PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
      4⤵
      PID:11692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:3288
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  PID:4104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe
    3⤵
    PID:6184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe 1698529750
    3⤵
    PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f072.exe 1698529750
      4⤵
      PID:8988
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:6596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe
    3⤵
    PID:10096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe 1698529750
    3⤵
    PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f074.exe 1698529750
      4⤵
      PID:11708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
1⤵
PID:3332
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
  2⤵
  PID:4132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
    3⤵
    PID:7104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
    3⤵
    PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
      4⤵
      PID:7200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
    3⤵
    PID:5612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
    3⤵
    PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
      4⤵
      PID:10880

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
1⤵
PID:3280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6260
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:1748

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
1⤵
PID:1412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
1⤵
PID:3996
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
  2⤵
  PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
    3⤵
    PID:6872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
    3⤵
    PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
      4⤵
      PID:6956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
    3⤵
    PID:2008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
    3⤵
    PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
      4⤵
      PID:10732

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-212239405353110797315841786015456363131212314237-1329040912-1844457388-1899804307"
1⤵
PID:3984
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
  2⤵
  - Executes dropped EXE
  PID:4088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:5752
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:5920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
1⤵
PID:1840
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
  2⤵
  PID:4516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
    3⤵
    PID:7036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
    3⤵
    PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
      4⤵
      PID:8968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
    3⤵
    PID:9640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
    3⤵
    PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
      4⤵
      PID:11768

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /save 1698529750
1⤵
PID:3296
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+94784.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
    3⤵
    PID:6968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
    3⤵
    PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f039.exe 1698529750
      4⤵
      PID:9608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe+730239.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe
    3⤵
    PID:10784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe 1698529750
    3⤵
    PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f037.exe 1698529750
      4⤵
      PID:12436

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
1⤵
PID:1752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+94784.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
  2⤵
  PID:6944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
  2⤵
  PID:6088
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
    3⤵
    PID:9060
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:4136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+730239.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe
  2⤵
  PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe 1698529750
  2⤵
  PID:11232
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f007.exe 1698529750
    3⤵
    PID:12936

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1976974658-917161938-1749898551-2082625421134050292-1936098802-506581651874572221"
1⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
1⤵
PID:3664
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:3752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626804.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
    3⤵
    PID:6888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
    3⤵
    PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
      4⤵
      PID:8832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:10220
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:8372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+326312.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
    3⤵
    PID:9960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
    3⤵
    PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
      4⤵
      PID:11684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+318147.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
1⤵
PID:1804
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
  2⤵
  - Executes dropped EXE
  PID:2772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
1⤵
PID:2184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
- Executes dropped EXE
PID:3976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+626804.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
  2⤵
  PID:6876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
  2⤵
  PID:7752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
    3⤵
    PID:9116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+326312.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
  2⤵
  PID:8960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
  2⤵
  PID:8940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
    3⤵
    PID:5592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:3804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+626804.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
  2⤵
  PID:6928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
  2⤵
  PID:7064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f06.exe 1698529750
    3⤵
    PID:9012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+326312.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
  2⤵
  PID:2380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
  2⤵
  PID:10948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
    3⤵
    PID:11476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:3772
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
  2⤵
  PID:4276

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:3536
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f073.exe 1698529750
  2⤵
  PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:6392
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:7488

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
- Executes dropped EXE
PID:3528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+627327.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
  2⤵
  PID:5808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
  2⤵
  PID:7336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f076.exe 1698529750
    3⤵
    PID:7056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:7152
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:10896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+714532.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
  2⤵
  PID:8556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
  2⤵
  PID:10928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
    3⤵
    PID:8408

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:3404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:3268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:3244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:3076

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
1⤵
PID:2172
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:2464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:876

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1125472194259149024-2036976328164470675118507648283608181041925452923349744207"
1⤵
PID:2380
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /save 1698529750
  2⤵
  PID:772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
  2⤵
  - Loads dropped DLL
  PID:2912

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
- Executes dropped EXE
PID:984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+06353.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
  2⤵
  PID:5296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
  2⤵
  PID:5788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
    3⤵
    PID:4284
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:9712
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:10712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+027666.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
  2⤵
  PID:5760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
  2⤵
  PID:7316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
    3⤵
    PID:8040

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:2044

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+317624.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
  2⤵
  PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
  2⤵
  PID:5720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe 1698529750
    3⤵
    PID:4908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:8128
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:10540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+119813.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
  2⤵
  PID:5688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
  2⤵
  PID:7344
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f01.exe 1698529750
    3⤵
    PID:7892
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:9756
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:11188

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "104206347-13068664811668247219-357633254-2061067478-1793102956247217629-1115348283"
1⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
1⤵
PID:2484
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
  2⤵
  - Executes dropped EXE
  PID:584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
    3⤵
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
      4⤵
      PID:4544
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe
        5⤵
        
        PID:4432
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe 1698529750
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe 1698529750
        6⤵
        
        PID:9848
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        5⤵
        
        PID:11000
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        5⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        6⤵
        
        PID:10404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
      4⤵
      PID:5152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:5632
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:1944

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
1⤵
- Executes dropped EXE
PID:1556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
  2⤵
  PID:5200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
    3⤵
    PID:5368
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+94262.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
      4⤵
      PID:7692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
      4⤵
      PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        5⤵
        
        PID:10252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+39251.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
      4⤵
      PID:10904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
      4⤵
      PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
        5⤵
        
        PID:11996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
  2⤵
  PID:5764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
    3⤵
    PID:5956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:5408
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6608

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2268
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
  2⤵
  - Executes dropped EXE
  PID:1488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
    3⤵
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
      4⤵
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
    3⤵
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
      4⤵
      PID:4920
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+94262.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        5⤵
        
        PID:7972
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        6⤵
        
        PID:10368
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+39251.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe
        5⤵
        
        PID:10760
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe 1698529750
        5⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f003.exe 1698529750
        6⤵
        
        PID:3544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
    3⤵
    PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
      4⤵
      PID:6020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:6080
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:7000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+06875.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
  2⤵
  PID:4188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
  2⤵
  PID:5624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
    3⤵
    PID:6036
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:9680
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:11156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+515886.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
  2⤵
  PID:5756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
  2⤵
  PID:7452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f075.exe 1698529750
    3⤵
    PID:8440
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
      4⤵
      PID:9744
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        
        PID:11180

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1497117636-2099555376-1728163966-20503440632106172310-486257511313572200-1069586620"
1⤵
PID:880
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
  2⤵
  PID:1748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+728895.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
    3⤵
    PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
    3⤵
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe 1698529750
      4⤵
      PID:3232
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:6572
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:7496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
    3⤵
    PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
      4⤵
      PID:2720
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:9048
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        
        PID:10328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+011959.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
    3⤵
    PID:4596

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
PID:1468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
1⤵
PID:4228
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
  2⤵
  PID:4620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+215533.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
    3⤵
    PID:6220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
    3⤵
    PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f002.exe 1698529750
      4⤵
      PID:9020
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:12964
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:6428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+41398.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
    3⤵
    PID:10080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
    3⤵
    PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f004.exe 1698529750
      4⤵
      PID:11008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
1⤵
PID:3040
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
  2⤵
  - Executes dropped EXE
  PID:2784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+728895.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
    3⤵
    PID:4608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f077.exe 1698529750
      4⤵
      PID:2076
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:6580
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:7720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe+011959.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
    3⤵
    PID:5616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f070.exe 1698529750
      4⤵
      PID:6816
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
        5⤵
        
        PID:9672
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im explorer.exe
        6⤵
        Kills process with taskkill
        
        PID:11132

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
1⤵
- Executes dropped EXE
PID:1768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
  2⤵
  PID:4384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
    3⤵
    PID:1648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe
      4⤵
      PID:7164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe 1698529750
      4⤵
      PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f096.exe 1698529750
        5⤵
        
        PID:9880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
      4⤵
      PID:10848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
      4⤵
      PID:11236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        5⤵
        
        PID:13044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
  2⤵
  PID:5748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
    3⤵
    PID:6140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:5600
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6904

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
1⤵
- Executes dropped EXE
PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
  2⤵
  PID:4012
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
    3⤵
    PID:2096
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+94262.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
      4⤵
      PID:7708
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
      4⤵
      PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        5⤵
        
        PID:9964
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+39251.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
      4⤵
      PID:10864
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
      4⤵
      PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
        5⤵
        
        PID:13296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
  2⤵
  PID:5820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
    3⤵
    PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6128
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6716

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
1⤵
- Executes dropped EXE
PID:828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
  2⤵
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
    3⤵
    PID:2628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+94262.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
      4⤵
      PID:7428
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        5⤵
        
        PID:10268
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+39251.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
      4⤵
      PID:10752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
      4⤵
      PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
        5⤵
        
        PID:13280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
  2⤵
  PID:5728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
    3⤵
    PID:3308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:5664
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:5932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /protect 1698529750
1⤵
- Loads dropped DLL
PID:1708
- C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
  C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
  2⤵
  - Executes dropped EXE
  PID:1736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
    3⤵
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
      4⤵
      PID:4676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
    3⤵
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
      4⤵
      PID:3244
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
        5⤵
        
        PID:6796
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
        6⤵
        
        PID:8976
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        5⤵
        
        PID:9592
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        5⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
        6⤵
        
        PID:11944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
    3⤵
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
      4⤵
      Executes dropped EXE
      PID:2796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
      4⤵
      PID:5948
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+82693.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe
        5⤵
        
        PID:9920
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe 1698529750
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f008.exe 1698529750
        6⤵
        
        PID:11584
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+011824.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f000.exe
        5⤵
        
        PID:10840
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f000.exe 1698529750
        5⤵
        
        PID:12552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /save 1698529750
      4⤵
      PID:6824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
    3⤵
    PID:7460
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:8448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe 1698529750
1⤵
- Loads dropped DLL
PID:2276

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe 1698529750
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /protect 1698529750
  2⤵
  PID:4452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /protect 1698529750
    3⤵
    PID:4788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe
      4⤵
      PID:6212
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe 1698529750
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f046.exe 1698529750
        5⤵
        
        PID:9888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe
      4⤵
      PID:10800
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe 1698529750
      4⤵
      PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f049.exe 1698529750
        5⤵
        
        PID:13288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /save 1698529750
  2⤵
  PID:4992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /save 1698529750
    3⤵
    PID:4128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /save 1698529750
  2⤵
  PID:5772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /save 1698529750
    3⤵
    PID:2816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f04.exe /protect 1698529750
  2⤵
  PID:1404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:4660
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+913314.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
1⤵
PID:932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Loads dropped DLL
PID:1804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe+913314.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
1⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
- Executes dropped EXE
PID:1676

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14749408197851431625697114711746401365-12761891881799716318411575452-250522480"
1⤵
- Loads dropped DLL
PID:1880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe 1698529750
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
  2⤵
  PID:4224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /protect 1698529750
    3⤵
    PID:4600
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+94262.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
      4⤵
      PID:7640
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
      4⤵
      PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f099.exe 1698529750
        5⤵
        
        PID:10260
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe+39251.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
      4⤵
      PID:10920
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
      4⤵
      PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f093.exe 1698529750
        5⤵
        
        PID:7020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
  2⤵
  PID:5664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f09.exe /save 1698529750
    3⤵
    PID:5972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe
  2⤵
  PID:6112
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6708

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f0.exe /protect 1698529750
1⤵
PID:804

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "158038837-1947774802-15604929802131497162647610621459660391-186877514215893339"
1⤵
PID:3536

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13512189112147015956-4048231301912789057-16024017951938727184-368869938-239166478"
1⤵
PID:3908

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1343664018-776460822-5011438871492670379-1028128936-1101016676826316281603186242"
1⤵
PID:3708

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1757143266184768139213036155841028215658-12861413213270372791612651257582120776"
1⤵
PID:4244

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9305311371910995482-1657891684359254429287992489387885486104118676088032874"
1⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe /protect 1698529750
1⤵
PID:5184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+626281.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
  2⤵
  PID:7292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
  2⤵
  PID:8396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f006.exe 1698529750
    3⤵
    PID:8476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c copy /b C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe+95324.txt C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
  2⤵
  PID:8932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
  2⤵
  PID:10064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f009.exe 1698529750
    3⤵
    PID:11808

C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe /save 1698529750
1⤵
PID:5176

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1378743823-394385948-1224405485-482304260-2024642326-793341947-331341460564497725"
1⤵
PID:4568

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3705262611077432598537960302236758403-762165163-669345103256865902247833746"
1⤵
PID:4440

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-161540300-1128709479297514755-1605330203-134219374-386962960-74432888974765981"
1⤵
PID:4608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1103326620-163751974617580434631793715955-30954793-1810260060-1410584716-973829293"
1⤵
PID:3388

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2097498370-160786671957975939-934897624-186216042-127667497914365898011218920222"
1⤵
PID:4496

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18365868261628938978341059854-4675013321767040216-356271084237262309-1179176847"
1⤵
PID:4224

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1810453883-18045551511577283852-15272098051251560334-12317946659630002471115963347"
1⤵
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
84B

MD5
c72671ae3c21f22d0fb084c8b1b37797

SHA1
459a057524033b3dface7ffc698e47a6ce5cc363

SHA256
8bb9e0cc2abda6ba023cc1d96a39756f5f9559825720c5047991c04d1046d6e5

SHA512
e0a6fd888dc3a88c98bdde0a2ce87e725446891e2c4188fca2cb147a7c4763ba6b2d1ee36f06d6de1b330c1643975d069160a7f926481d500edf0ed995c96d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
84B

MD5
c72671ae3c21f22d0fb084c8b1b37797

SHA1
459a057524033b3dface7ffc698e47a6ce5cc363

SHA256
8bb9e0cc2abda6ba023cc1d96a39756f5f9559825720c5047991c04d1046d6e5

SHA512
e0a6fd888dc3a88c98bdde0a2ce87e725446891e2c4188fca2cb147a7c4763ba6b2d1ee36f06d6de1b330c1643975d069160a7f926481d500edf0ed995c96d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
84B

MD5
c72671ae3c21f22d0fb084c8b1b37797

SHA1
459a057524033b3dface7ffc698e47a6ce5cc363

SHA256
8bb9e0cc2abda6ba023cc1d96a39756f5f9559825720c5047991c04d1046d6e5

SHA512
e0a6fd888dc3a88c98bdde0a2ce87e725446891e2c4188fca2cb147a7c4763ba6b2d1ee36f06d6de1b330c1643975d069160a7f926481d500edf0ed995c96d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
84B

MD5
c72671ae3c21f22d0fb084c8b1b37797

SHA1
459a057524033b3dface7ffc698e47a6ce5cc363

SHA256
8bb9e0cc2abda6ba023cc1d96a39756f5f9559825720c5047991c04d1046d6e5

SHA512
e0a6fd888dc3a88c98bdde0a2ce87e725446891e2c4188fca2cb147a7c4763ba6b2d1ee36f06d6de1b330c1643975d069160a7f926481d500edf0ed995c96d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.bat

Filesize
111B

MD5
b384260cab2d4a562bb7cd2d4cb40f14

SHA1
f129b0ba5c3c6ad4578dc1c0a8afe3a70d6193b4

SHA256
1ff2bb2c8306cf9c3b5d0769343f7db490071bbbda7a6f064510380d97563eff

SHA512
95aaaca18afab2e1fb37de46c844ec130053c426059d77ffd55d44ac88e96210fa61ed3f85af544b7b8f99d3357b49745cfe6fea8fd1cc5b312baf4481548a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\011824.txt

Filesize
5B

MD5
344740a5da60a3e8839958496f4644e7

SHA1
a9c54229f393141ba4dc3b75cf635f5439c432f0

SHA256
ae9722689d9bc6d44dc2f0fd557d1db4ea83d5cbaf55b237de5e9eb0ae3a82a6

SHA512
885f67c0701ffd99746628438e2e3ff03139f4e344304842b3401a744b694f3fe7bdb7e96e5c9c718f238eca4d365e8ba802290c5571e957e50c8d84e61ce9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\027666.txt

Filesize
5B

MD5
85fc1189e46c7278b2aeb7008506a6f2

SHA1
57810fb579c1d1ab161c12e64dbdd447555a1801

SHA256
45fd07c8d4da89a5207af4261bab7a0ea385426ac6eadbf4fb651d41e51d8224

SHA512
92eb29da87b680c5ce4093eadca2565be3d70a0fdad91df86f5026e105c52897f6d1f873b57b26c02b47a3a02cd707ddb7f35e312b2ffc1f5a72b9155252fb2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\06353.txt

Filesize
5B

MD5
75b769beb7e88dc7c59c1adb2006533c

SHA1
d02659d711b0cc9a775a14a24438d9e5c0e1979f

SHA256
f2375e2f6439ffa570e4cbad4f5c393e7ad8afc2a4554d1b08bc64b32ca79f18

SHA512
58b30544885ba5f974c235c2f690231c245468fc77cd525a6b81ab84a830b5b5acb77c37106b23a096e3bc5d580097ef23b6b297c82481ba74c171341f0d742c

Download Submit
C:\Users\Admin\AppData\Local\Temp\08444.txt

Filesize
5B

MD5
1ef039b8c360653698d917512eb41140

SHA1
a699348432ae30761b6892a03041b814831abb2d

SHA256
b7f9434f2fc97875c7cfa62693374d13f7c66bff3e23631fb8b8afb3e3ed31a2

SHA512
40d6b1a1cceeb62a71abb1d1964c5e4d2549ecc59248a7429cff685ff2497f3f8c68821dc3e242a5a4eb3d186d41cba49a17c685b063c60f8728030455196201

Download Submit
C:\Users\Admin\AppData\Local\Temp\08444.txt

Filesize
5B

MD5
1ef039b8c360653698d917512eb41140

SHA1
a699348432ae30761b6892a03041b814831abb2d

SHA256
b7f9434f2fc97875c7cfa62693374d13f7c66bff3e23631fb8b8afb3e3ed31a2

SHA512
40d6b1a1cceeb62a71abb1d1964c5e4d2549ecc59248a7429cff685ff2497f3f8c68821dc3e242a5a4eb3d186d41cba49a17c685b063c60f8728030455196201

Download Submit
C:\Users\Admin\AppData\Local\Temp\08444.txt

Filesize
5B

MD5
1ef039b8c360653698d917512eb41140

SHA1
a699348432ae30761b6892a03041b814831abb2d

SHA256
b7f9434f2fc97875c7cfa62693374d13f7c66bff3e23631fb8b8afb3e3ed31a2

SHA512
40d6b1a1cceeb62a71abb1d1964c5e4d2549ecc59248a7429cff685ff2497f3f8c68821dc3e242a5a4eb3d186d41cba49a17c685b063c60f8728030455196201

Download Submit
C:\Users\Admin\AppData\Local\Temp\08444.txt

Filesize
5B

MD5
1ef039b8c360653698d917512eb41140

SHA1
a699348432ae30761b6892a03041b814831abb2d

SHA256
b7f9434f2fc97875c7cfa62693374d13f7c66bff3e23631fb8b8afb3e3ed31a2

SHA512
40d6b1a1cceeb62a71abb1d1964c5e4d2549ecc59248a7429cff685ff2497f3f8c68821dc3e242a5a4eb3d186d41cba49a17c685b063c60f8728030455196201

Download Submit
C:\Users\Admin\AppData\Local\Temp\08444.txt

Filesize
5B

MD5
1ef039b8c360653698d917512eb41140

SHA1
a699348432ae30761b6892a03041b814831abb2d

SHA256
b7f9434f2fc97875c7cfa62693374d13f7c66bff3e23631fb8b8afb3e3ed31a2

SHA512
40d6b1a1cceeb62a71abb1d1964c5e4d2549ecc59248a7429cff685ff2497f3f8c68821dc3e242a5a4eb3d186d41cba49a17c685b063c60f8728030455196201

Download Submit
C:\Users\Admin\AppData\Local\Temp\08444.txt

Filesize
5B

MD5
1ef039b8c360653698d917512eb41140

SHA1
a699348432ae30761b6892a03041b814831abb2d

SHA256
b7f9434f2fc97875c7cfa62693374d13f7c66bff3e23631fb8b8afb3e3ed31a2

SHA512
40d6b1a1cceeb62a71abb1d1964c5e4d2549ecc59248a7429cff685ff2497f3f8c68821dc3e242a5a4eb3d186d41cba49a17c685b063c60f8728030455196201

Download Submit
C:\Users\Admin\AppData\Local\Temp\114939.bat

Filesize
123B

MD5
9e21eb306a117f58681c5af9fb09f0c3

SHA1
c9943bf605615e8eef254b84474c5a83d4c815ff

SHA256
ba8601d99db3b323a79265fc3ebc9d298894e22016e804a4f926091b6650ba6c

SHA512
9c2c6b6b2f1522d8939d035e6b9e896824e0060029d07694e977a7dbe627d7da5a179f21de06b80aee317505b4cf5dc1dc5260e389c75c1d23fc854a6f9b656e

Download Submit
C:\Users\Admin\AppData\Local\Temp\11976.bat

Filesize
124B

MD5
bbc23961104d0382a2f8d16cab73683d

SHA1
94a8231806d579e3eab640322d3b858e431811df

SHA256
32d15e3485d62c3ecf430efd86b5e8b30e37f52e2ae7634fcc703e4b2d959797

SHA512
7c8974ceec125e76bdd3e98226ff6861e78d6d8bd385c58943f3ba86c8dcb7d2c109ba93170f28231afb124af7923a6c035d5e48354ae2f1f5de669ca52b1104

Download Submit
C:\Users\Admin\AppData\Local\Temp\166050.bat

Filesize
124B

MD5
7d0486eeabc3bcccd58496f521ef6817

SHA1
d05d48e5195ae0e0877822e0ea08843a3c2b302b

SHA256
b2e9bbc7e6117ac40c1042ed680ec47e01b5fe570f402df9f4124bc19f75c316

SHA512
03449a61dadaa5318ec3e62547b088b7133042bea72b5b8e2797177952d04b640b776a59ff7f5d8cd4b8d23cc45b387839886756e38e2928e8383f6234f1dba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\174433.bat

Filesize
7B

MD5
3df116ef9ce709e3a5f25249db341c98

SHA1
7af50effe03c71bd5e03d46dc9b979c6faf92c8d

SHA256
4305b80fe6c8b71e12cfe14b19e94127e4825d6b8ade1cb544eee4836cbf7af0

SHA512
54242d6c407bcb82c482ab5b3bed3efe0fcffc5fa14a2b41247c0043a37d5695c4b9b1ba35c0c159f50720005780cd67e94b019e712a2e22aaaeb550e845c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\19620.bat

Filesize
124B

MD5
acc163756f9cdc66bab9c29081ac7e3f

SHA1
b78dc2d6f1caa7509f8760e6e14f72722dd588f0

SHA256
627bb2195e885c0c8c19a5f271eb1485bbec915f676a87f8fab1cbdd11b34b0c

SHA512
96e9e384972cb430f1ff6f80e9247f581625dc4917cae65fef9f7e06680555867384bc13c1c7627cf435a816c76fb0194ef40814459a2987f543fa59b5aa9030

Download Submit
C:\Users\Admin\AppData\Local\Temp\215533.txt

Filesize
5B

MD5
000a91f3e374e6147d58ed1814247508

SHA1
c8845a2b8398dbcce7b012e56444bb7c01479513

SHA256
03af159ccad0d470cfc1e5c2d5f10f93554eb62d86aefd890edcb1f3ad97a474

SHA512
abc9fbb2f86a052e41e834b2061af0a167c29880c9f6039e4d39e73b9e89cdd3c7c67fc556cc6da82d14cf381224f1457214ad09a7f38d0e216dac82af81a666

Download Submit
C:\Users\Admin\AppData\Local\Temp\222426.bat

Filesize
123B

MD5
6237f9e3e8a6f399183fa03f6964dc54

SHA1
cbd9f70c3ff7b8b50985be307c4c3472879cdbf9

SHA256
a0b110975bc2c1223afd0ed97d4ee963417d2773e001f61c1eb7111515303cb6

SHA512
31322dc9419b55052d5b9330cecc2ee6e192388f28eb35e2ca6e013558836c9e7b02edcb7e84c0ed0831047807beaea067703e43560e267682cf8df3d434cad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\261612.bat

Filesize
123B

MD5
04a39fddf40056268da79dace33c15c4

SHA1
7ce77d519c7a317f881bc630880d9e2a4428bd97

SHA256
9fc4caabe6d3f6bf736aaa232cb393989ea5a5941992edeebedcb73c4d35b0f0

SHA512
eaeec663662265c0a90494521d0e544342d5f55835e01765f50af317217d08b2098d96ba52d8b952e233f5f4f6a33464436a8a175a739e0aff0662778d698758

Download Submit
C:\Users\Admin\AppData\Local\Temp\261612.bat

Filesize
123B

MD5
04a39fddf40056268da79dace33c15c4

SHA1
7ce77d519c7a317f881bc630880d9e2a4428bd97

SHA256
9fc4caabe6d3f6bf736aaa232cb393989ea5a5941992edeebedcb73c4d35b0f0

SHA512
eaeec663662265c0a90494521d0e544342d5f55835e01765f50af317217d08b2098d96ba52d8b952e233f5f4f6a33464436a8a175a739e0aff0662778d698758

Download Submit
C:\Users\Admin\AppData\Local\Temp\318147.txt

Filesize
5B

MD5
68da88f6136bd6e456811e4a1f941ac0

SHA1
3f54f821de5e3ce01271e23cd0dc26fd0708711d

SHA256
971656f160fa536bdb6a1feaeb1384c4c95f763bb024bc36d3bc580cdaa51abd

SHA512
50c3206b56ac936a28c7ef5aa8468be0e54467b616ac4558bed7e0c26478fea0c8cf476d574f4bef22358eb5296fb73b685f671a8bb56e0619fb94da1b94868d

Download Submit
C:\Users\Admin\AppData\Local\Temp\326312.txt

Filesize
4B

MD5
bdf3fd65c81469f9b74cedd497f2f9ce

SHA1
24fbba633d705b4e5d2a65a5219b21ececccd060

SHA256
82ba9b272ce795cdea9a65851e79364e34efea66244b24e113cf9e42c8629804

SHA512
7a2eb2f0ee5a3bcf0d31dc77f5e5a150f75c2c91650a1ac7e4839abf071480c10cb8dd6625b558fe53b4c0581da3b3a7cec224a89d0d8f2636a40569a606c797

Download Submit
C:\Users\Admin\AppData\Local\Temp\39251.txt

Filesize
5B

MD5
aea9789988c08f28538422f1c3427388

SHA1
d6f5af39e200d4bf527e80034ff45a2cb06c83ac

SHA256
2b78d4359e73ca2fa70b31921c7cf93bb3445acd96b757cdc192a4bfecbc2c41

SHA512
3f940f7df9da9a41a04aa0cd500aec4cd20ba615fd512bafcfb3b4dc40267f19e54ce49d2c7c39fce4e5c8bd373850fca5c50ef8aeebd7e616e9d45aa20d89c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\39387.txt

Filesize
3B

MD5
019d385eb67632a7e958e23f24bd07d7

SHA1
82ad38f885211232bd89c439e0df9982d6ae74f7

SHA256
aaf01d71b55e51b1a3051cbb3cdc0646578dcda722b2922072a81f257b1a9821

SHA512
13b3a4bf428ea1d998597b490e3286aaa89bc744cd4842b7722315458c749962316c173ba24d4fada20f55f0b6ac3a9215d76e8db18c9308ea77cb368a4e622e

Download Submit
C:\Users\Admin\AppData\Local\Temp\39387.txt

Filesize
3B

MD5
019d385eb67632a7e958e23f24bd07d7

SHA1
82ad38f885211232bd89c439e0df9982d6ae74f7

SHA256
aaf01d71b55e51b1a3051cbb3cdc0646578dcda722b2922072a81f257b1a9821

SHA512
13b3a4bf428ea1d998597b490e3286aaa89bc744cd4842b7722315458c749962316c173ba24d4fada20f55f0b6ac3a9215d76e8db18c9308ea77cb368a4e622e

Download Submit
C:\Users\Admin\AppData\Local\Temp\41100.bat

Filesize
124B

MD5
de0b22a8335a89f6dca959a177f7d73c

SHA1
9f3f1c698cca06d132e468420877eff0ad4ddc3f

SHA256
b6304bc4e5740780291108f3d296a11054f176243c71cb546c3d822d126de96c

SHA512
ea3ce00bfe7526aac449f67bbd0f0466e0687ab6b14eb733ccf5369d0cfd0dbd21c00c19721a8da352b81676b3f9cd74ee17cf8d0f603b0b34d8429557da2c33

Download Submit
C:\Users\Admin\AppData\Local\Temp\41398.txt

Filesize
5B

MD5
5994cf5ebd61f4806932d5f226cb64d0

SHA1
6ce1efcffaf81a351b18112a8830a781a94204e7

SHA256
0e73da5263d4f93876f68e6a5063e0787d59385dfa42afb95ed6374043498a9f

SHA512
e3dad9b5dd69d4adcc538f89bc8bb9303713975ed6ad539548da588410ed1ef014044f5b44003fd8ea557f32b6a8977c0823237f66102532d14096c8cb742a50

Download Submit
C:\Users\Admin\AppData\Local\Temp\419192.txt

Filesize
5B

MD5
ec6ecdc8e04d45830fd347dd0622d829

SHA1
75db150fed2b173ee7dad055b703d60654cf6ee3

SHA256
1bfcb4e431ff6acfcd25c555f88ac0d55eacaecd8867dc92273cb5880eaabb55

SHA512
18ad6e9dad2dd7a1911ef32e2774a307192bee0a8313d892c95346f3de14c42ea1ee35e7ee9815d3ca6f58e1a38a0f32f85f6a8a28680e36a9608295d62e2d9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\58033.txt

Filesize
4B

MD5
668560ec159ebc2ef751b5ca819d520b

SHA1
42ce2a20678461d1504f4d20e2373bd29804c7f5

SHA256
d20def23786cb183a4cc62358e41b486a02ffa559c1819bd95a9ed9d76c599fd

SHA512
60fa98a9ba5c657635d85e19f265ad52900cd2e2f31613a8de5d27f1038f37d94f787aeccf8443959f2e6800d5d0edd0458d25ad08a61c68711d4d8dc1c55a74

Download Submit
C:\Users\Admin\AppData\Local\Temp\626281.txt

Filesize
5B

MD5
c908ec320f803c559792b5b23ac0688b

SHA1
59d937dccb5bd56205546b9476e9015eeb1cf2fb

SHA256
71272b2e6e112809a60e53f034326d03bd0e8483d4bbeaf6a4f54826bb0b558c

SHA512
2cbfc0fcc81dffbf9871c919a2612809d1a56ed46b5256a12cfeb2539277364743ccde29486edf8466333e2a1d4acae230ff59bdc71671487649112173876268

Download Submit
C:\Users\Admin\AppData\Local\Temp\626804.txt

Filesize
5B

MD5
6bfe6de4ebb6ce650cdcf4322e63dee4

SHA1
60ad6d56f43cb6901acb9547d7df45a8cebaffe9

SHA256
45bea171f68e653605865f95b8974b060aab9512196f550207034953e652ddcd

SHA512
7306a2a4f13364fa80a692ce5d78f7d0da3d203c323659d0a7af7f7f67510ecacf0020f06aecc32034bea54399cbe93a61db53032e9e9685b0c53a7e59dba372

Download Submit
C:\Users\Admin\AppData\Local\Temp\730239.txt

Filesize
4B

MD5
655ea4bd3b5736d88afc30c9212ccddf

SHA1
4e3bd263528badfae62199b6ac5fbe7cb4e81dec

SHA256
c98c37cbc0242b2cd603d4ad823a1c29e7314df3ad8f1810cab0fb98c84fc2c4

SHA512
2cfa0493617c94792140284ad8630588b5d88b90f10004c3cb105db1b3fe2d01624e2d6df3316be80738b88101bd8a8e5a212831e690cd6ecd61f90c7072b0d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\730463.txt

Filesize
4B

MD5
1d72310edc006dadf2190caad5802983

SHA1
22a366e578fc19525be71b6b3013ef8cc5cb1a74

SHA256
46437ab18a6657040b4535297ff247b20c535c02263713f88b6a9e17484f1f3f

SHA512
354f08055b0d1f836f93e76ce6d603450c23e453da7188c94a6609df387d0cdbe5ee6fa6b26dc862c43ba506ce6167541c0455b09857271803e73265fcadc90f

Download Submit
C:\Users\Admin\AppData\Local\Temp\77664.bat

Filesize
123B

MD5
25aa5f7196bff9fe76d265d3f15d4f5f

SHA1
76c39945585ba1dc189134ef1bf61c78ef71627a

SHA256
143702b46f602f4f31198aad2e124e473c7e957770f08b46331f7ff8d2aabad6

SHA512
9719f6ce9e51b79e0c3b0765c8f6035270ac89d7f9372e10619fdf5446045085793338329b8f941e2308e7d42810486715b2a92d19d79bf4890e8db42465d4fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\77868.bat

Filesize
122B

MD5
53c45bfc1bd02abdbc5f1cbee584cc5c

SHA1
07a84bb831a01d682eebb5aa58bd647e8f37a852

SHA256
3162172bbb2e123c2adbcc2778cf86b54e39bb6d5553e8f0d1429dc473e6b9c5

SHA512
a1ad95016379faeccfc3f61f32e413a458bbd2c6155b030d9baf65818779bca031e430ec47ab98fe4f3ab798637b80c435598637b27b7b2c69a2c8cf2c097158

Download Submit
C:\Users\Admin\AppData\Local\Temp\82693.txt

Filesize
3B

MD5
bf8229696f7a3bb4700cfddef19fa23f

SHA1
d094700e379f0fb3b543e25c77f8e4b3e068f057

SHA256
41e521adf8ae7a0f419ee06e1d9fb794162369237b46f64bf5b2b9969b0bcd2e

SHA512
decd1011d7d1e6d9622d3f22a76b385fa53b1fb7deae229345a83da90f292999a135d588144faf42a369b1f719a4705bd884575bbebb9b57f9ccb6ce52501b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\913314.txt

Filesize
5B

MD5
4992f85f02e4d718826650c96219875d

SHA1
93677c6d95632adfdedb95be62d43e4c9cd018ec

SHA256
1110ad464b46db1701b29895bcfbabe42f23c472075ed08e4d9e7bb5c3e0d17e

SHA512
923203847fffc5ade12ff6ff3b08d115b2d47cad88933362662d51d79e9e6e42b6c98612f36cc8c2788073089b3a1a21ff7e6fdec2291d10d9b68f6f011baf53

Download Submit
C:\Users\Admin\AppData\Local\Temp\913314.txt

Filesize
5B

MD5
4992f85f02e4d718826650c96219875d

SHA1
93677c6d95632adfdedb95be62d43e4c9cd018ec

SHA256
1110ad464b46db1701b29895bcfbabe42f23c472075ed08e4d9e7bb5c3e0d17e

SHA512
923203847fffc5ade12ff6ff3b08d115b2d47cad88933362662d51d79e9e6e42b6c98612f36cc8c2788073089b3a1a21ff7e6fdec2291d10d9b68f6f011baf53

Download Submit
C:\Users\Admin\AppData\Local\Temp\913314.txt

Filesize
5B

MD5
4992f85f02e4d718826650c96219875d

SHA1
93677c6d95632adfdedb95be62d43e4c9cd018ec

SHA256
1110ad464b46db1701b29895bcfbabe42f23c472075ed08e4d9e7bb5c3e0d17e

SHA512
923203847fffc5ade12ff6ff3b08d115b2d47cad88933362662d51d79e9e6e42b6c98612f36cc8c2788073089b3a1a21ff7e6fdec2291d10d9b68f6f011baf53

Download Submit
C:\Users\Admin\AppData\Local\Temp\94262.txt

Filesize
5B

MD5
34470a05eb3bfbee2352941dd1b94320

SHA1
aa11f804bbc80f03dbb41c8606c18a54e6e907ce

SHA256
6dd2583525174d1b4c96c40f51a82f5a8ceb014bb021ef8f4f0cd0120e59ec60

SHA512
cef6df296f6430f2fa064aaab9fced26ac4740121f2cb4fffe9164acd663fbb9f96f62f9275360ba2eed70cfae00d05b5e76f91d0ba66a1fdae7bcc2b400307b

Download Submit
C:\Users\Admin\AppData\Local\Temp\95324.txt

Filesize
5B

MD5
67da624214ee8e89992ce70459e669a3

SHA1
46ea957fc6f0d2a8505d130ede5bf8329a52fd5f

SHA256
df6ca664adfe237e23a378b092b16068e4f307695e8b0ea95bf6f1c59e610e62

SHA512
b19610d58b490869f71327df7c4f468391c46ac725c96862558093eae534cdd60ad00febbb61554f81c0b1dba7e6b86fe422fc4c9bb5be131f8430dcd75bc470

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f00.exe

Filesize
3.0MB

MD5
07be788000c54adfa81ecdd524504c9e

SHA1
1a94e9e993b10702a08c206722507a475044d903

SHA256
4d88b1e55d48c8f1b36dc911d457b52d16580c094839c68392dfd90d5d5f19ca

SHA512
a31db919bacb7ce304f7119f8a34223dec60e10d21425fca437355bf999d8c45fdff29be8bc8275f02a71881c162e1adb1ec75bc25e95ab6b7396c341747b38f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f03.exe

Filesize
3.0MB

MD5
33912ae7dc7cb69a53332694288bbaf7

SHA1
4e262800c84ceea774e072122e19bfa400173ffe

SHA256
2bbb7d1b91877ccbe766160a04e8286298ba6337c90a1e87238d7d78056b87cd

SHA512
7bfa178f1f8facb194e31d614d6754b1a147de6d64ada613d790fd5df54506bd7f090954452f69e51737f30f1d9a3bfdcdd784a136357fbcbca1b263f96e7c9f

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
\Users\Admin\AppData\Local\Temp\NEAS.88e1eea9cc6e39cede24101cb66429f07.exe

Filesize
3.0MB

MD5
8f7b7a6d6be1563f42d27280d3f03e6e

SHA1
664064da15f3fb9288a3118a3ec9b4144c76ce87

SHA256
bb4873a18c6bfc40f5d083cbab4dd4fba67eff3b17f3fcbdc7bb032b24d833dd

SHA512
e55dbb72dea7073482912c77dc097f5edf47219ee878a3f3b40f6143d460e95ce5fe397e1901c67b4beb93a3f28251586495f578b708878a98b9c1dbef5f01b5

Download Submit
memory/268-123-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/304-180-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/320-187-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/556-190-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/580-178-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/628-210-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/660-176-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/772-207-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/804-114-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/820-112-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/848-154-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1028-211-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1028-233-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1072-189-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1148-166-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1272-161-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1404-159-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1472-181-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1488-201-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1640-183-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1676-209-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1700-115-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1736-208-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/1748-232-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2008-155-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2028-199-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2056-173-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2112-165-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2160-216-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2164-56-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2200-171-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2264-215-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2372-206-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2384-167-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2540-188-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2596-111-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2636-170-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2640-110-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2684-204-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2692-177-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2700-168-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2772-234-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2784-217-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2796-182-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2800-205-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2808-57-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2828-179-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2832-174-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2864-169-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2880-109-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/2884-175-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3052-113-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download
memory/3056-117-0x0000000000400000-0x000000000061A000-memory.dmp

Filesize
2.1MB

Download