3d7149f52199ee55e600db8df94cade868e42e342c22a2856fb459af3011982d

Analysis

max time kernel
30s
max time network
144s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 08:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21c81e5746ea3309566e02bf40819770_NEIKI.exe
Size

1.5MB
MD5

21c81e5746ea3309566e02bf40819770
SHA1

7b62adb6d3caf91fd3353242525642705cf66bcd
SHA256

3d7149f52199ee55e600db8df94cade868e42e342c22a2856fb459af3011982d
SHA512

2bd67e441f97d56c90096c54d6e0c2f75339b97731ad327c5c3a3b5bec3292ebe45d121ae2d3e3084dbf6f2d88386eae16b4dd92c907c769fc46823235f6e1db
SSDEEP

49152:+vVJy/eVDygMhORnXqNsBeagjqElKla7c52nGxWEBY6g:+/Ryg+OlC6e6sKlCc5CCg

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2288-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x000700000001475f-5.dat	upx
behavioral1/memory/2648-72-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2424-86-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2176-88-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2992-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2744-91-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/348-94-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2288-93-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2648-96-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2176-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2424-98-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1808-100-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2856-104-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2744-106-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2992-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1332-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2288-109-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/348-111-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1204-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1808-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1704-115-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/804-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/484-117-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1612-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1592-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/556-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/560-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1572-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1700-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2488-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2180-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2492-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/484-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2120-134-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1868-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1204-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1612-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1948-141-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1904-140-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/556-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/560-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1868-143-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1240-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2916-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1380-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2492-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2120-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2128-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2848-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1904-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2680-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2128-165-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1728-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2256-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1240-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2688-161-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2768-160-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2232-159-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2236-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2848-166-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2680-167-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2688-170-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2928-169-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\P:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\R:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\X:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\B:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\H:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\J:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\K:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\Y:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\W:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\A:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\E:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\G:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\L:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\I:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\M:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\N:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\Q:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\Z:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\S:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\T:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\U:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\V:	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\russian beastiality beast [free] titts .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking public .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian cumshot lingerie [bangbus] titts bedroom .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\american horse horse public .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black fetish beast hidden feet bondage .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse voyeur fishy .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black action xxx licking swallow (Britney,Sarah).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\indian gang bang lingerie girls beautyfull .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian action gay [free] titts young .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\italian nude trambling big glans .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american action fucking [milf] .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\xxx [milf] hairy (Ashley,Sylvia).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american porn blowjob lesbian young (Ashley,Melissa).avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\russian beastiality trambling sleeping titts upskirt .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lingerie [bangbus] cock traffic .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\brasilian cumshot xxx several models .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish porn lesbian big cock .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake [free] hole lady .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\italian action bukkake girls pregnant .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\russian beastiality hardcore catfight feet 40+ .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie full movie 50+ (Sonja,Sarah).avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Windows Journal\Templates\trambling catfight titts traffic .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\bukkake girls pregnant .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\lesbian several models 40+ .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\xxx public black hairunshaved .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\russian animal gay uncut feet .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\beast several models lady .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black beastiality hardcore [free] 50+ .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\PLA\Templates\tyrkish fetish blowjob lesbian ash .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\japanese cum horse full movie glans wifey (Karin).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\Temp\blowjob girls .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\chinese horse licking hole (Britney,Curtney).avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\french xxx lesbian young .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore sleeping wifey .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\norwegian horse hot (!) redhair .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\african lesbian hot (!) hole ejaculation .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\beastiality beast full movie gorgeoushorny .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american fetish beast full movie hole .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\malaysia lingerie [bangbus] boots .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\lingerie voyeur glans (Sandy,Jade).mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\african gay [milf] wifey .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish gang bang lesbian sleeping swallow .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\italian gang bang fucking lesbian shower .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\animal hardcore [free] .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\french gay voyeur cock gorgeoushorny .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse [bangbus] feet .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\handjob fucking [free] beautyfull .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\brasilian fetish xxx catfight stockings (Jenna,Sarah).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lingerie licking (Janette).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\animal gay [free] feet lady (Sarah).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\spanish gay lesbian cock shower .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\chinese bukkake hidden high heels .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\black beastiality xxx hot (!) .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\lesbian lesbian glans circumcision .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\chinese blowjob several models .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\fucking several models 40+ .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\black cumshot gay [free] glans .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\mssrv.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\chinese gay big granny .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\swedish handjob gay catfight hole .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\tyrkish nude lingerie [bangbus] .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\japanese kicking hardcore licking wifey .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\italian nude beast hidden feet (Christine,Tatjana).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black beastiality fucking hidden boots .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\asian bukkake voyeur hole ejaculation .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\handjob hardcore hidden pregnant .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\british fucking several models .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\french trambling [free] feet .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\nude hardcore several models shoes (Ashley,Liz).mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\american gang bang hardcore [free] feet blondie .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\hardcore [bangbus] .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish beastiality fucking full movie cock castration (Sylvia).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling hot (!) glans (Christine,Melissa).avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\danish cumshot hardcore full movie glans latex .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black kicking fucking voyeur .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\german bukkake several models cock YEâPSè& (Jade).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\kicking trambling catfight titts .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\horse trambling voyeur (Sarah).mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\asian gay hot (!) feet 40+ (Curtney).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\handjob beast uncut .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\spanish bukkake licking (Karin).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\malaysia beast lesbian pregnant .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\italian horse beast licking .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\canadian fucking masturbation hairy (Kathrin,Tatjana).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\temp\danish kicking sperm public .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\gang bang blowjob several models penetration .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\hardcore [bangbus] latex .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\german hardcore hot (!) titts .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\horse sperm [bangbus] hotel .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2856	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2992	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1332	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe
348	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2856	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1808	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1704	21c81e5746ea3309566e02bf40819770_NEIKI.exe
804	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2992	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1592	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1700	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1572	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2488	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1332	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2180	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1204	21c81e5746ea3309566e02bf40819770_NEIKI.exe
348	21c81e5746ea3309566e02bf40819770_NEIKI.exe
484	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2856	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1612	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1808	21c81e5746ea3309566e02bf40819770_NEIKI.exe
560	21c81e5746ea3309566e02bf40819770_NEIKI.exe
556	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2992	21c81e5746ea3309566e02bf40819770_NEIKI.exe
804	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1948	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2916	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2916	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1868	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1868	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1704	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1704	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1380	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1380	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1592	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1592	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2492	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2492	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2120	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2120	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1572	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1572	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2236	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2236	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2648	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	28
PID 2288 wrote to memory of 2648	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	28
PID 2288 wrote to memory of 2648	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	28
PID 2288 wrote to memory of 2648	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	28
PID 2648 wrote to memory of 2424	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	29
PID 2648 wrote to memory of 2424	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	29
PID 2648 wrote to memory of 2424	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	29
PID 2648 wrote to memory of 2424	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	29
PID 2288 wrote to memory of 2176	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	30
PID 2288 wrote to memory of 2176	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	30
PID 2288 wrote to memory of 2176	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	30
PID 2288 wrote to memory of 2176	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	30
PID 2424 wrote to memory of 2856	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	31
PID 2424 wrote to memory of 2856	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	31
PID 2424 wrote to memory of 2856	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	31
PID 2424 wrote to memory of 2856	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	31
PID 2648 wrote to memory of 2744	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	32
PID 2648 wrote to memory of 2744	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	32
PID 2648 wrote to memory of 2744	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	32
PID 2648 wrote to memory of 2744	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	32
PID 2176 wrote to memory of 2992	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	33
PID 2176 wrote to memory of 2992	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	33
PID 2176 wrote to memory of 2992	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	33
PID 2176 wrote to memory of 2992	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	33
PID 2288 wrote to memory of 1332	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	34
PID 2288 wrote to memory of 1332	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	34
PID 2288 wrote to memory of 1332	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	34
PID 2288 wrote to memory of 1332	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	34
PID 2856 wrote to memory of 348	2856	21c81e5746ea3309566e02bf40819770_NEIKI.exe	35
PID 2856 wrote to memory of 348	2856	21c81e5746ea3309566e02bf40819770_NEIKI.exe	35
PID 2856 wrote to memory of 348	2856	21c81e5746ea3309566e02bf40819770_NEIKI.exe	35
PID 2856 wrote to memory of 348	2856	21c81e5746ea3309566e02bf40819770_NEIKI.exe	35
PID 2424 wrote to memory of 1704	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	36
PID 2424 wrote to memory of 1704	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	36
PID 2424 wrote to memory of 1704	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	36
PID 2424 wrote to memory of 1704	2424	21c81e5746ea3309566e02bf40819770_NEIKI.exe	36
PID 2744 wrote to memory of 1808	2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe	37
PID 2744 wrote to memory of 1808	2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe	37
PID 2744 wrote to memory of 1808	2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe	37
PID 2744 wrote to memory of 1808	2744	21c81e5746ea3309566e02bf40819770_NEIKI.exe	37
PID 2992 wrote to memory of 804	2992	21c81e5746ea3309566e02bf40819770_NEIKI.exe	38
PID 2992 wrote to memory of 804	2992	21c81e5746ea3309566e02bf40819770_NEIKI.exe	38
PID 2992 wrote to memory of 804	2992	21c81e5746ea3309566e02bf40819770_NEIKI.exe	38
PID 2992 wrote to memory of 804	2992	21c81e5746ea3309566e02bf40819770_NEIKI.exe	38
PID 2648 wrote to memory of 1592	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	39
PID 2648 wrote to memory of 1592	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	39
PID 2648 wrote to memory of 1592	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	39
PID 2648 wrote to memory of 1592	2648	21c81e5746ea3309566e02bf40819770_NEIKI.exe	39
PID 2176 wrote to memory of 1700	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	40
PID 2176 wrote to memory of 1700	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	40
PID 2176 wrote to memory of 1700	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	40
PID 2176 wrote to memory of 1700	2176	21c81e5746ea3309566e02bf40819770_NEIKI.exe	40
PID 2288 wrote to memory of 1572	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	41
PID 2288 wrote to memory of 1572	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	41
PID 2288 wrote to memory of 1572	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	41
PID 2288 wrote to memory of 1572	2288	21c81e5746ea3309566e02bf40819770_NEIKI.exe	41
PID 1332 wrote to memory of 2488	1332	21c81e5746ea3309566e02bf40819770_NEIKI.exe	42
PID 1332 wrote to memory of 2488	1332	21c81e5746ea3309566e02bf40819770_NEIKI.exe	42
PID 1332 wrote to memory of 2488	1332	21c81e5746ea3309566e02bf40819770_NEIKI.exe	42
PID 1332 wrote to memory of 2488	1332	21c81e5746ea3309566e02bf40819770_NEIKI.exe	42
PID 348 wrote to memory of 2180	348	21c81e5746ea3309566e02bf40819770_NEIKI.exe	43
PID 348 wrote to memory of 2180	348	21c81e5746ea3309566e02bf40819770_NEIKI.exe	43
PID 348 wrote to memory of 2180	348	21c81e5746ea3309566e02bf40819770_NEIKI.exe	43
PID 348 wrote to memory of 2180	348	21c81e5746ea3309566e02bf40819770_NEIKI.exe	43

C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        10⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:18708
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:22428
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:19364
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:19112
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:19244
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:19120
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:18820
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:22128
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:14400
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:19356
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:18604
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:21480
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:18388
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:19376
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:18596
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:19492
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:22252
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11444
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:19128
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:19288
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13816
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:18420
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:10104
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:18588
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11512
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12096
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12736
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:9480
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:18396
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:18812
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:21836
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:22084
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12884
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:18756
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:22108
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:11472
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:18156
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:22076
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:13044
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11820
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11796
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12680
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:9572
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1332
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:22100
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14112
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:10168
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5628
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:708
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7212
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:10096
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:10088
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:19104
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11552
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11596
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12136
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:8980
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12396
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12528
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:11708
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:13912
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:10176
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:22168
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12364
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:14340
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:10652
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:7256
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:11836
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:5980
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12120
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:9528
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:18412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american action fucking [milf] .zip.exe

Filesize
1012KB

MD5
243499b9ec3b10ae45929da37a3c1d4d

SHA1
2686a353708ea7408f7c38f5a9527b9389a1b220

SHA256
0a7fe989ee29e9fd99f2ab30d9ec64b051e987550f874e9facbd4142a348aef4

SHA512
3cfb3aeb42ea62d57b4f00d19b7188c12640895c1e95452666fab24fba3330b04c32d677be13d69001ba941d54a0558d8878a8eee2db2204bf2d3a0420c9950f

Download Submit
C:\debug.txt

Filesize
183B

MD5
527b3d520fea09f60e8f48e451b28fc7

SHA1
8d44f1eb64019f293c34d3ca119a3c7601bae1d5

SHA256
6eccad77a33aaf7f1acfcab47cd44a8c72584755194aabaabc347d69033cd301

SHA512
a259d12dd09957fd20759bac0e726b6c6e84300e033c3584f1cdc366de6e31ad1a76a80573f4f809a35b9d07010d5e00d8f0e0cde15aed78d1804c2f1bf6dc0b

Download Submit
memory/348-94-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/348-111-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/348-149-0x0000000005050000-0x000000000506D000-memory.dmp

Filesize
116KB

Download
memory/484-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/484-117-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/556-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/556-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/560-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/560-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/804-138-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/804-125-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/804-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1068-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1204-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1204-148-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/1204-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1240-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1240-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1332-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1380-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1572-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1572-173-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/1592-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1592-142-0x0000000002150000-0x000000000216D000-memory.dmp

Filesize
116KB

Download
memory/1612-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1612-168-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/1612-157-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/1612-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1700-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1728-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1808-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1808-100-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1868-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1868-143-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1892-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1904-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1904-140-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1948-180-0x0000000004AD0000-0x0000000004AED000-memory.dmp

Filesize
116KB

Download
memory/1948-141-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2104-172-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2120-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2120-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2128-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2128-165-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2176-158-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/2176-88-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2176-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2176-105-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/2176-120-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/2180-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2232-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2236-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2256-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2288-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2288-87-0x0000000004CB0000-0x0000000004CCD000-memory.dmp

Filesize
116KB

Download
memory/2288-95-0x0000000004CB0000-0x0000000004CCD000-memory.dmp

Filesize
116KB

Download
memory/2288-478-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2288-71-0x0000000004CB0000-0x0000000004CCD000-memory.dmp

Filesize
116KB

Download
memory/2288-109-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2288-93-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2288-311-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2424-102-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2424-98-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2424-86-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2424-89-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2432-175-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2488-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2492-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2492-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2548-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2608-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2648-90-0x0000000001DD0000-0x0000000001DED000-memory.dmp

Filesize
116KB

Download
memory/2648-72-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2648-97-0x0000000001DD0000-0x0000000001DED000-memory.dmp

Filesize
116KB

Download
memory/2648-96-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2648-85-0x0000000001DD0000-0x0000000001DED000-memory.dmp

Filesize
116KB

Download
memory/2680-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2688-161-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2688-170-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2744-113-0x0000000001F20000-0x0000000001F3D000-memory.dmp

Filesize
116KB

Download
memory/2744-106-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2744-99-0x0000000001F20000-0x0000000001F3D000-memory.dmp

Filesize
116KB

Download
memory/2744-91-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2744-128-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/2768-171-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2768-160-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2848-166-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2848-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2856-104-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2916-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2928-169-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2992-174-0x0000000005050000-0x000000000506D000-memory.dmp

Filesize
116KB

Download
memory/2992-122-0x0000000005050000-0x000000000506D000-memory.dmp

Filesize
116KB

Download
memory/2992-103-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2992-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2992-136-0x0000000005050000-0x000000000506D000-memory.dmp

Filesize
116KB

Download
memory/2992-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download