4d49f85d8c29856fdeaa9188e3532087f3f30b727570db794d2ee1b49ffaa9c0

Analysis

max time kernel
19s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
Size

1.3MB
MD5

5b7bfdb55231478f71a4d0f5f2a7d930
SHA1

aec602dd4bedbe4151ff6407d307c6d2ce62bb14
SHA256

4d49f85d8c29856fdeaa9188e3532087f3f30b727570db794d2ee1b49ffaa9c0
SHA512

7334848aefe20cad56aefc9db0074e1d34cf7b6cc3264fbb3ee147e8985f4300561ee61a86258b5555d0b95322043e4887cf61a9a0feb5c03b9bf943ef10070b
SSDEEP

24576:0CzAsI5xOLFtvVp6FwO5z9TcM5s290rD/2nEEBSgc1SqVR3OGbjcBChq/0T1bTSp:vzyALz76FwMBTchy0rL2EAK1SyTvgmqN

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000015ca8-5.dat	upx
behavioral1/memory/2672-65-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2672-90-0x0000000004CD0000-0x0000000004CEE000-memory.dmp	upx
behavioral1/memory/2624-92-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1580-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1584-95-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2904-99-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2128-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1612-103-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2624-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3000-110-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2276-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-109-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2600-106-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2760-112-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2452-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2200-114-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2168-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2904-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1052-120-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2128-119-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1612-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2728-122-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2600-121-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3036-125-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2992-124-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2024-123-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/884-127-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2200-131-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2760-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1784-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2292-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2892-126-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/476-132-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2060-133-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1996-134-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1052-135-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2728-136-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1476-137-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2084-139-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1784-145-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1464-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2292-147-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/884-146-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1532-144-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2928-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2548-159-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2772-157-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2436-163-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2484-164-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2520-166-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1620-165-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1476-156-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2648-168-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2772-173-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2528-172-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2876-171-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2548-174-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2136-169-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2756-170-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2432-175-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1684-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\Q:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\S:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\T:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\V:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\B:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\I:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\L:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\X:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\Z:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\A:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\K:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\N:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\O:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\Y:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\H:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\G:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\J:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\M:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\R:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\U:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\W:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File opened (read-only)	\??\E:	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese hardcore several models vagina boots .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish xxx sperm masturbation titts latex .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish bukkake blowjob public .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\horse porn voyeur .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian action lesbian castration .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lingerie [milf] .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx xxx [free] mature .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\chinese bukkake sperm several models hotel .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\handjob public .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish gay fetish sleeping (Sonja,Gina).mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish action hidden glans 40+ .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chinese porn nude voyeur black hairunshaved .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian cum kicking public cock redhair (Tatjana,Sonja).mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\norwegian lesbian full movie swallow (Kathrin,Tatjana).rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\nude action masturbation traffic .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\kicking action masturbation redhair .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian fucking hardcore lesbian legs (Melissa).mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\african bukkake bukkake sleeping (Jade,Sonja).mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake horse sleeping .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\porn hot (!) legs .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\fetish porn sleeping ejaculation .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\norwegian nude bukkake big ash bedroom (Sonja).zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian kicking lesbian full movie high heels .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\xxx several models .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Program Files\Windows Journal\Templates\norwegian horse big cock .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\african horse [bangbus] blondie .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\black cumshot handjob [bangbus] ìï (Tatjana).mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\malaysia lingerie full movie latex (Gina,Curtney).mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\gang bang bukkake full movie boots (Kathrin,Curtney).zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\nude hidden boobs boots .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\tmp\spanish action licking black hairunshaved .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\sperm several models (Janette).avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\sperm hidden feet ejaculation (Kathrin).rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\russian gang bang animal catfight .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\gang bang lesbian .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\swedish animal sleeping penetration (Sylvia,Sarah).rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\lingerie full movie boobs traffic (Karin,Janette).mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\spanish animal kicking masturbation .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\canadian handjob porn public titts .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\kicking sleeping 40+ .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\japanese trambling lesbian swallow .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\danish cumshot licking lady .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\american beast bukkake [bangbus] feet .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\nude masturbation high heels .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\malaysia trambling cum [milf] shoes .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american handjob kicking [free] circumcision (Sylvia,Liz).mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\gang bang kicking several models cock .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\american gang bang horse several models leather .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\brasilian porn beast uncut .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\xxx cumshot sleeping redhair (Sonja,Kathrin).avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\kicking xxx big vagina stockings .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\animal several models lady (Christine).zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\spanish lesbian hot (!) girly (Samantha).avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\PLA\Templates\italian fucking horse big legs redhair .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\trambling girls .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\animal lesbian (Sarah).mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\german kicking [milf] (Jenna).avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\swedish fucking full movie glans redhair .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\cumshot beastiality [free] stockings .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\nude cum [bangbus] swallow .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\asian bukkake fetish lesbian latex .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\horse beastiality catfight fishy (Tatjana).avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\fucking fetish hidden glans .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\african porn lesbian titts .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\horse fetish full movie vagina .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\norwegian gay uncut wifey .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\gay sperm [bangbus] nipples blondie .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\brasilian bukkake sleeping boots (Janette).mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\british action lesbian [free] pregnant .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\asian nude horse public .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse porn hot (!) boobs .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\russian cum hardcore public pregnant .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\spanish beastiality hardcore [free] cock mistress .zip.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\horse gang bang hidden penetration .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\temp\chinese fucking licking lady (Christine,Christine).rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\norwegian cum voyeur cock swallow .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\hardcore [free] .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\animal catfight .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\japanese horse hot (!) nipples .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\InstallTemp\french kicking [milf] cock .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\fucking big .rar.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\security\templates\fucking gang bang sleeping sm .mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\beast action big .mpg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\african action girls glans .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\british hardcore hardcore hot (!) (Britney,Sylvia).mpeg.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\african lingerie [bangbus] bedroom .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\italian cumshot trambling [free] vagina young .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
File created	C:\Windows\Downloaded Program Files\spanish beast [milf] legs sm .avi.exe	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1944	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1580	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1584	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2168	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1612	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2600	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1944	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2128	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1584	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
3000	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2892	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1580	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2760	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2200	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
476	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1052	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2728	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2024	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
3036	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2168	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2992	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1612	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2600	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1944	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2292	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2128	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
884	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1584	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1784	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1784	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1464	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1464	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1996	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1996	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2060	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2060	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
3000	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
3000	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2892	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
2892	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
1580	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2672	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	28
PID 2904 wrote to memory of 2672	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	28
PID 2904 wrote to memory of 2672	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	28
PID 2904 wrote to memory of 2672	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	28
PID 2672 wrote to memory of 2452	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	29
PID 2672 wrote to memory of 2452	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	29
PID 2672 wrote to memory of 2452	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	29
PID 2672 wrote to memory of 2452	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	29
PID 2904 wrote to memory of 2624	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	30
PID 2904 wrote to memory of 2624	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	30
PID 2904 wrote to memory of 2624	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	30
PID 2904 wrote to memory of 2624	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	30
PID 2452 wrote to memory of 1944	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	31
PID 2452 wrote to memory of 1944	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	31
PID 2452 wrote to memory of 1944	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	31
PID 2452 wrote to memory of 1944	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	31
PID 2672 wrote to memory of 1584	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	32
PID 2672 wrote to memory of 1584	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	32
PID 2672 wrote to memory of 1584	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	32
PID 2672 wrote to memory of 1584	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	32
PID 2624 wrote to memory of 1580	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	33
PID 2624 wrote to memory of 1580	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	33
PID 2624 wrote to memory of 1580	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	33
PID 2624 wrote to memory of 1580	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	33
PID 2904 wrote to memory of 2276	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	34
PID 2904 wrote to memory of 2276	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	34
PID 2904 wrote to memory of 2276	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	34
PID 2904 wrote to memory of 2276	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	34
PID 1944 wrote to memory of 2168	1944	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	35
PID 1944 wrote to memory of 2168	1944	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	35
PID 1944 wrote to memory of 2168	1944	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	35
PID 1944 wrote to memory of 2168	1944	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	35
PID 1584 wrote to memory of 1612	1584	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	36
PID 1584 wrote to memory of 1612	1584	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	36
PID 1584 wrote to memory of 1612	1584	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	36
PID 1584 wrote to memory of 1612	1584	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	36
PID 2452 wrote to memory of 2600	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	38
PID 2452 wrote to memory of 2600	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	38
PID 2452 wrote to memory of 2600	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	38
PID 2452 wrote to memory of 2600	2452	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	38
PID 1580 wrote to memory of 2128	1580	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	37
PID 1580 wrote to memory of 2128	1580	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	37
PID 1580 wrote to memory of 2128	1580	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	37
PID 1580 wrote to memory of 2128	1580	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	37
PID 2672 wrote to memory of 3000	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	39
PID 2672 wrote to memory of 3000	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	39
PID 2672 wrote to memory of 3000	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	39
PID 2672 wrote to memory of 3000	2672	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	39
PID 2276 wrote to memory of 2892	2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	40
PID 2276 wrote to memory of 2892	2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	40
PID 2276 wrote to memory of 2892	2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	40
PID 2276 wrote to memory of 2892	2276	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	40
PID 2624 wrote to memory of 2760	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	41
PID 2624 wrote to memory of 2760	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	41
PID 2624 wrote to memory of 2760	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	41
PID 2624 wrote to memory of 2760	2624	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	41
PID 2904 wrote to memory of 2200	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	42
PID 2904 wrote to memory of 2200	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	42
PID 2904 wrote to memory of 2200	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	42
PID 2904 wrote to memory of 2200	2904	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	42
PID 2168 wrote to memory of 476	2168	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	43
PID 2168 wrote to memory of 476	2168	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	43
PID 2168 wrote to memory of 476	2168	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	43
PID 2168 wrote to memory of 476	2168	5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe	43

C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        10⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        10⤵
        
        PID:22772
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        10⤵
        
        PID:23912
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:26912
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        10⤵
        
        PID:23568
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:23936
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:23048
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:23628
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:27120
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23040
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:23168
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:23000
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:17880
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:27956
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:19508
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:24456
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:27232
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:19540
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:22904
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26920
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:23176
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:22740
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:26876
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:17888
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26384
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:24276
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:22976
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:23596
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26788
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23072
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24588
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24512
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23056
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23432
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26944
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26860
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:19556
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:26960
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:19548
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24320
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:26392
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26892
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:19668
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26868
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:24520
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23016
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23096
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24304
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:22956
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26684
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:19564
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24472
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23024
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:19660
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26772
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23120
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23716
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23732
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14764
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24392
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26844
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23968
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:17820
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:23904
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:22760
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:24552
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:22992
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:26992
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:26968
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24560
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:23008
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:22624
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23152
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:23136
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:20380
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26852
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:22672
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24488
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:26692
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:22912
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24424
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:17904
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23184
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26884
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:26812
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:28384
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24292
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24544
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:22684
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24284
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:26700
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24528
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23088
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:26752
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24212
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24624
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24416
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:19516
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:22732
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:27244
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:27976
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:20396
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24608
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:19532
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23228
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:22724
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:14720
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23392
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26836
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:20388
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23236
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:19652
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:24344
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23112
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24632
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:22656
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:15492
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24352
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23128
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:16152
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:16464
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:11472
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:15676
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:10544
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        9⤵
        
        PID:23080
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:20264
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:18868
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:20052
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:22928
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:22616
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:26620
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26820
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26612
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23032
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23584
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:22964
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23984
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:26596
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24480
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:27832
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:19988
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:26828
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23992
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:25388
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:19524
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23928
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24312
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23896
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:22640
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:17576
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:24536
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:22716
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:20028
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26300
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24440
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:22936
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23976
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:22692
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:15892
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:19120
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26804
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:22700
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:28060
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:23944
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:21616
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24364
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24408
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:20220
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:24260
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:21608
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:15660
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:26796
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        8⤵
        
        PID:22944
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:24400
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23104
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:20036
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26400
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:24504
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:20004
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:20092
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26292
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:19080
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:22752
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:26284
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:22708
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:20020
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:26952
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23064
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:26604
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:22648
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:26780
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:20508
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24568
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:20212
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24432
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:16576
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:23144
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:8892
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:15756
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:8224
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        7⤵
        
        PID:23404
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24336
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:19644
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        6⤵
        
        PID:23724
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:11084
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:27300
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:19980
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:26928
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:18276
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:11580
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:18284
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:22664
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:15716
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:26900
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:24496
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:23160
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
        5⤵
        
        PID:23952
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:22984
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:24448
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:22632
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:17400
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:10484
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:15296
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:11272
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:22920
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  PID:3612
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
      4⤵
      PID:24464
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:10404
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:17976
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  PID:5464
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:12812
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:24220
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  PID:9000
- - C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
    3⤵
    PID:17568
- C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\5b7bfdb55231478f71a4d0f5f2a7d930_NEIKI.exe"
  2⤵
  PID:17664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\indian cum kicking public cock redhair (Tatjana,Sonja).mpeg.exe

Filesize
1.3MB

MD5
44eed56ce380cc411abfdc9f7bc7b325

SHA1
7141eb0362fb57b8c268b94928c2b06678f893b2

SHA256
a0e21e7c9e2ead4d5079cf355aeebc543a4f12e601ee768f72a1f306335b5b2a

SHA512
4d3ee8ff76221f6b36d5fa65744775d7163441a69b35c6933ff5a6d1a7e572bcbb88c549d4a670d0adc5f27e770dab003558ea685faf7e8008005044fa620343

Download Submit
C:\debug.txt

Filesize
183B

MD5
fec3bd0d26e6a8c383dcab29669ba9e9

SHA1
5e86c60ea2e5c288ae597a1801b4ca5d0d54a0e3

SHA256
1d276dd51cdc37ac02df2953a80141dfd57966d6fd87ac18920a754e3b4ab9b2

SHA512
9beafb999e52afa3dafc6374b541ce7f2b53ad1c2a6b99fff1cc0344b3d1454d05ee80be0c184e5f346df9a6921121aa5d268536dc5f77bdd5715fca04f7a616

Download Submit
memory/476-132-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/884-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/884-127-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/912-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1052-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1052-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1348-177-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1464-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1476-137-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1476-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1532-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1532-161-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1548-178-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1560-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1580-102-0x0000000004580000-0x000000000459E000-memory.dmp

Filesize
120KB

Download
memory/1580-117-0x0000000004580000-0x000000000459E000-memory.dmp

Filesize
120KB

Download
memory/1580-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1584-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1612-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1612-103-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1620-165-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1684-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1784-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1784-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1872-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1932-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-113-0x0000000001D80000-0x0000000001D9E000-memory.dmp

Filesize
120KB

Download
memory/1944-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-98-0x0000000001D80000-0x0000000001D9E000-memory.dmp

Filesize
120KB

Download
memory/1944-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1996-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1996-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2024-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2084-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2084-158-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2128-119-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2128-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2128-140-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2128-151-0x0000000004F10000-0x0000000004F2E000-memory.dmp

Filesize
120KB

Download
memory/2136-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2136-169-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2168-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-131-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-114-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2276-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2292-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2292-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2308-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2432-175-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2432-162-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2436-163-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2436-176-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2452-93-0x0000000004680000-0x000000000469E000-memory.dmp

Filesize
120KB

Download
memory/2452-108-0x0000000004680000-0x000000000469E000-memory.dmp

Filesize
120KB

Download
memory/2452-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2484-164-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2520-166-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2528-172-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2548-159-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2548-174-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-167-0x0000000004AA0000-0x0000000004ABE000-memory.dmp

Filesize
120KB

Download
memory/2600-121-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2624-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2624-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2628-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2648-168-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2648-153-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2672-90-0x0000000004CD0000-0x0000000004CEE000-memory.dmp

Filesize
120KB

Download
memory/2672-101-0x0000000004CD0000-0x0000000004CEE000-memory.dmp

Filesize
120KB

Download
memory/2672-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2728-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2728-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2756-170-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2772-173-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2772-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2876-171-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2892-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2904-64-0x0000000004F20000-0x0000000004F3E000-memory.dmp

Filesize
120KB

Download
memory/2904-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2904-540-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2904-368-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2904-91-0x0000000004F20000-0x0000000004F3E000-memory.dmp

Filesize
120KB

Download
memory/2904-100-0x0000000004F20000-0x0000000004F3E000-memory.dmp

Filesize
120KB

Download
memory/2904-99-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2904-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2928-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2928-160-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-141-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3000-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3036-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3036-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download