13eb1a580652608946fe646f3b1522a35188d16a9e3fe22f3b02f419879cf3ce

Analysis

max time kernel
14s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Size

1.6MB
MD5

9bb5d670b6b9fb12149d7cf37718fcb0
SHA1

806cfd06938bf6450c0adf9547f20517dbc38579
SHA256

13eb1a580652608946fe646f3b1522a35188d16a9e3fe22f3b02f419879cf3ce
SHA512

6913fcc4400537f969e57ce412fb5262e6d739b73be6b07ba876f332ac62ac5bd5f2c2c78a592b9468b7df9cab5c6c923cde16ddb82c1c924c73afc0a1ed51f6
SSDEEP

24576:t2XqxreVdAN65dycKIJRwBeADNCu+s8FIlNil6ubDhrjxMF406hKmJHzKMpJMy9e:QXq3cTUNtj8KlEgCVjCFxsHzHBm8KT

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x0007000000015a98-5.dat	upx
behavioral1/memory/1704-15-0x0000000005110000-0x000000000512D000-memory.dmp	upx
behavioral1/memory/2628-16-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/564-69-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1704-70-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/532-96-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2376-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/564-94-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2496-91-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/956-90-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2628-89-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1956-100-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1704-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1332-108-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/956-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1288-111-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/528-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1168-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1980-115-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1252-117-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1640-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/760-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2732-122-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2180-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2308-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/816-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3020-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3016-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3040-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3060-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1800-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1384-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1816-134-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1840-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1884-136-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1728-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2140-138-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1768-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2888-140-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1592-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1512-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3024-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2568-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2580-149-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2676-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3008-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2712-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1808-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2436-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2424-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-157-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/780-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2288-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2024-165-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1704-175-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1672-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3768-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3864-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3872-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3908-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3900-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3920-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4056-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\A:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\B:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\H:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\M:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\N:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\O:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\L:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\Z:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\U:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\W:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\E:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\I:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\K:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\P:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\Q:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\S:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\X:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\G:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\J:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\R:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\T:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\V:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling lesbian .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish cum horse voyeur fishy .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese fetish lesbian [free] titts beautyfull .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian action gay [milf] lady (Britney,Sylvia).avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\cum beast [free] lady .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\blowjob lesbian fishy .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish cum bukkake [free] hole sm (Jade).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian [milf] ash .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\american nude blowjob public titts wifey .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\black cum sperm hidden .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\gay public hole femdom .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\american beastiality trambling hidden pregnant .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\horse voyeur (Samantha).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian gang bang gay lesbian leather .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian cumshot bukkake licking cock young (Karin).avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Windows Journal\Templates\indian cumshot blowjob several models glans .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\blowjob hidden penetration .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian action lingerie [bangbus] sweet (Jenna,Liz).mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\danish gang bang lesbian catfight titts (Sonja,Liz).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish action bukkake several models .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\danish beastiality lesbian lesbian leather .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese fetish sperm masturbation titts traffic .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian voyeur titts .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\brasilian handjob blowjob girls YEâPSè& (Anniston,Sylvia).mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse hardcore sleeping bondage .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\brasilian fetish blowjob licking (Samantha).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish animal lingerie licking cock .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\tmp\xxx public titts .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\brasilian handjob fucking [milf] sm .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian kicking horse girls Ôë .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\PLA\Templates\american cumshot hardcore several models glans gorgeoushorny .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese animal lingerie hot (!) black hairunshaved (Sandy,Tatjana).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lingerie voyeur titts gorgeoushorny .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\russian action beast voyeur titts lady .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\beast full movie bondage .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\fucking girls feet penetration .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\fucking sleeping balls .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish porn fucking [bangbus] hole .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\danish fetish blowjob masturbation titts redhair (Janette).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\mssrv.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\blowjob masturbation black hairunshaved .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\temp\trambling big cock high heels .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking public .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian handjob lingerie public swallow .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black gang bang sperm big hole mistress (Karin).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\japanese gang bang sperm uncut titts penetration (Liz).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese horse gay hot (!) high heels (Sonja,Curtney).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish cumshot xxx voyeur titts .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\fucking [bangbus] ash .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\Downloaded Program Files\indian gang bang lingerie girls hole castration (Sylvia).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish handjob horse full movie .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\xxx [milf] cock upskirt .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\danish gang bang blowjob uncut glans mature .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black cumshot beast uncut glans .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob hot (!) .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\sperm hidden shoes .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\security\templates\brasilian cumshot sperm uncut girly (Ashley,Janette).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
532	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1332	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1168	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1980	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
532	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1332	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1640	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2180	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
760	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2732	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
528	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2308	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1288	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
3016	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
816	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
3020	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2628	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	28
PID 1704 wrote to memory of 2628	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	28
PID 1704 wrote to memory of 2628	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	28
PID 1704 wrote to memory of 2628	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	28
PID 1704 wrote to memory of 2496	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	29
PID 1704 wrote to memory of 2496	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	29
PID 1704 wrote to memory of 2496	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	29
PID 1704 wrote to memory of 2496	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	29
PID 2628 wrote to memory of 2376	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	30
PID 2628 wrote to memory of 2376	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	30
PID 2628 wrote to memory of 2376	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	30
PID 2628 wrote to memory of 2376	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	30
PID 2376 wrote to memory of 532	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	31
PID 2376 wrote to memory of 532	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	31
PID 2376 wrote to memory of 532	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	31
PID 2376 wrote to memory of 532	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	31
PID 1704 wrote to memory of 564	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	32
PID 1704 wrote to memory of 564	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	32
PID 1704 wrote to memory of 564	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	32
PID 1704 wrote to memory of 564	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	32
PID 2628 wrote to memory of 1956	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	33
PID 2628 wrote to memory of 1956	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	33
PID 2628 wrote to memory of 1956	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	33
PID 2628 wrote to memory of 1956	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	33
PID 2496 wrote to memory of 1332	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	34
PID 2496 wrote to memory of 1332	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	34
PID 2496 wrote to memory of 1332	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	34
PID 2496 wrote to memory of 1332	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	34
PID 564 wrote to memory of 956	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	35
PID 564 wrote to memory of 956	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	35
PID 564 wrote to memory of 956	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	35
PID 564 wrote to memory of 956	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	35
PID 2376 wrote to memory of 1168	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	36
PID 2376 wrote to memory of 1168	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	36
PID 2376 wrote to memory of 1168	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	36
PID 2376 wrote to memory of 1168	2376	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	36
PID 1704 wrote to memory of 1980	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	37
PID 1704 wrote to memory of 1980	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	37
PID 1704 wrote to memory of 1980	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	37
PID 1704 wrote to memory of 1980	1704	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	37
PID 2496 wrote to memory of 1252	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	38
PID 2496 wrote to memory of 1252	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	38
PID 2496 wrote to memory of 1252	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	38
PID 2496 wrote to memory of 1252	2496	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	38
PID 2628 wrote to memory of 1640	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	39
PID 2628 wrote to memory of 1640	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	39
PID 2628 wrote to memory of 1640	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	39
PID 2628 wrote to memory of 1640	2628	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	39
PID 532 wrote to memory of 2180	532	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	41
PID 532 wrote to memory of 2180	532	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	41
PID 532 wrote to memory of 2180	532	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	41
PID 532 wrote to memory of 2180	532	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	41
PID 1332 wrote to memory of 2732	1332	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	42
PID 1332 wrote to memory of 2732	1332	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	42
PID 1332 wrote to memory of 2732	1332	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	42
PID 1332 wrote to memory of 2732	1332	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	42
PID 1956 wrote to memory of 760	1956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	40
PID 1956 wrote to memory of 760	1956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	40
PID 1956 wrote to memory of 760	1956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	40
PID 1956 wrote to memory of 760	1956	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	40
PID 564 wrote to memory of 2308	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	43
PID 564 wrote to memory of 2308	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	43
PID 564 wrote to memory of 2308	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	43
PID 564 wrote to memory of 2308	564	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	43

C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        9⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10376
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11224
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9944
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10688
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10068
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10012
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10432
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9616
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:8368
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9044
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10292
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9920
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10408
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11208
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10980
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:10844
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:564
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9188
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1056
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9400
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10520
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10260
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9660
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:9996
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10400
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10192
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2616
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10284
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:11144
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10368
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11216
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11756
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:7900
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11120
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10908
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:11152
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:3408
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11764
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:1116
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:5268
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:10512
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:10308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian voyeur titts .rar.exe

Filesize
1.8MB

MD5
c4f331b19bd70a4bb7d6e7275e7b852d

SHA1
56490f90f42e3749a8c96fd44bc6cbe573231ac3

SHA256
d7c8f6225081b2a235ca507271551880790398bdec3b851004feb646086612cc

SHA512
9dca790ab3ddb27b7a95ae3b87c9cbd8f1e63780a776ca2df47ed62783f532ad7a6c778da6531905cd8616fc9dc6908f47eb09a09b383c4121ff44cef1e2f98d

Download Submit
memory/528-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/532-96-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/532-98-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/532-113-0x00000000047E0000-0x00000000047FD000-memory.dmp

Filesize
116KB

Download
memory/532-119-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/564-94-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/564-201-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/564-214-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/564-69-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/760-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/760-199-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/760-194-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/780-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/816-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/816-176-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/956-109-0x00000000047B0000-0x00000000047CD000-memory.dmp

Filesize
116KB

Download
memory/956-90-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/956-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1168-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1252-117-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1288-145-0x0000000001FA0000-0x0000000001FBD000-memory.dmp

Filesize
116KB

Download
memory/1288-111-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1332-153-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/1332-108-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1332-120-0x0000000001FC0000-0x0000000001FDD000-memory.dmp

Filesize
116KB

Download
memory/1332-99-0x0000000001FC0000-0x0000000001FDD000-memory.dmp

Filesize
116KB

Download
memory/1332-148-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/1384-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1512-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1592-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1640-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1672-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-175-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-95-0x0000000005120000-0x000000000513D000-memory.dmp

Filesize
116KB

Download
memory/1704-70-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-71-0x0000000005110000-0x000000000512D000-memory.dmp

Filesize
116KB

Download
memory/1704-68-0x0000000005120000-0x000000000513D000-memory.dmp

Filesize
116KB

Download
memory/1704-60-0x0000000005120000-0x000000000513D000-memory.dmp

Filesize
116KB

Download
memory/1704-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-15-0x0000000005110000-0x000000000512D000-memory.dmp

Filesize
116KB

Download
memory/1728-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1768-174-0x00000000044A0000-0x00000000044BD000-memory.dmp

Filesize
116KB

Download
memory/1768-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1800-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1808-209-0x00000000047C0000-0x00000000047DD000-memory.dmp

Filesize
116KB

Download
memory/1808-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1816-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1840-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1884-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1956-100-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1956-97-0x00000000047B0000-0x00000000047CD000-memory.dmp

Filesize
116KB

Download
memory/1956-118-0x00000000047B0000-0x00000000047CD000-memory.dmp

Filesize
116KB

Download
memory/1980-115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1980-132-0x0000000004820000-0x000000000483D000-memory.dmp

Filesize
116KB

Download
memory/1980-195-0x0000000004820000-0x000000000483D000-memory.dmp

Filesize
116KB

Download
memory/2024-165-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2140-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2180-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2288-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2308-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2376-67-0x00000000020C0000-0x00000000020DD000-memory.dmp

Filesize
116KB

Download
memory/2376-162-0x0000000004920000-0x000000000493D000-memory.dmp

Filesize
116KB

Download
memory/2376-93-0x00000000020C0000-0x00000000020DD000-memory.dmp

Filesize
116KB

Download
memory/2376-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2424-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2424-210-0x0000000004510000-0x000000000452D000-memory.dmp

Filesize
116KB

Download
memory/2436-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2496-91-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2568-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2580-149-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2628-61-0x0000000001F70000-0x0000000001F8D000-memory.dmp

Filesize
116KB

Download
memory/2628-89-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2628-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2676-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2676-215-0x00000000047C0000-0x00000000047DD000-memory.dmp

Filesize
116KB

Download
memory/2712-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2712-200-0x00000000044B0000-0x00000000044CD000-memory.dmp

Filesize
116KB

Download
memory/2732-122-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2888-140-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-157-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3008-211-0x0000000004900000-0x000000000491D000-memory.dmp

Filesize
116KB

Download
memory/3008-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3016-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3020-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3024-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3040-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3060-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3668-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3768-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3864-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3872-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3900-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3908-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3920-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4056-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4064-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4128-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4136-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download