Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 04:34

General

  • Target

    f11098d550731f360f47109eb46b3d90_NEIKI.exe

  • Size

    67KB

  • MD5

    f11098d550731f360f47109eb46b3d90

  • SHA1

    915384c54086237235063c7cf20c3765e2027473

  • SHA256

    65c4651963fd01049310cde62548d2087fcb23638a12459597740fc3ad107743

  • SHA512

    4e9acc495e27334b06a6f1a2c37bce45f1a4084d4e42d887c4e1450af16f7b7378ec3b64cc922a044d87b2ae80d2146788a8b8d362b95051063a848dcb435137

  • SSDEEP

    1536:r5GD/XPgQGcvZORS3g+nHTyzKfqyNt6YJSofrK8/c6:r5GzISZswezGN4YJSofrKI/

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
      C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1508
      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2296
        • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
          C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2816
          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2872
            • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
              C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
              6⤵
              • Enumerates connected drives
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2464
              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                7⤵
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:3004
                • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                  C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                  8⤵
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:2912
                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                    9⤵
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:2940
                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                      C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                      10⤵
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:3028
                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                        11⤵
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of WriteProcessMemory
                        PID:2920
                        • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                          C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                          12⤵
                          • Suspicious use of WriteProcessMemory
                          PID:2936
                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                            13⤵
                              PID:2608
                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                14⤵
                                  PID:1428
                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                    15⤵
                                      PID:1296
                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                        16⤵
                                          PID:2424
                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                            17⤵
                                              PID:2504
                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                18⤵
                                                  PID:2448
                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                    19⤵
                                                      PID:1020
                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                        20⤵
                                                          PID:1512
                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                            21⤵
                                                              PID:1192
                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                22⤵
                                                                  PID:528
                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                    23⤵
                                                                      PID:1328
                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                        24⤵
                                                                          PID:2720
                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                            25⤵
                                                                              PID:1816
                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                26⤵
                                                                                  PID:1596
                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                    27⤵
                                                                                      PID:1376
                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                        28⤵
                                                                                          PID:972
                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                            29⤵
                                                                                              PID:1844
                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                30⤵
                                                                                                  PID:2192
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                    31⤵
                                                                                                      PID:832
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                        32⤵
                                                                                                          PID:3000
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                            33⤵
                                                                                                              PID:3012
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                34⤵
                                                                                                                  PID:2976
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                    35⤵
                                                                                                                      PID:1664
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                        36⤵
                                                                                                                          PID:2196
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                            37⤵
                                                                                                                              PID:1524
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                38⤵
                                                                                                                                  PID:2040
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                    39⤵
                                                                                                                                      PID:2824
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                        40⤵
                                                                                                                                          PID:2908
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                            41⤵
                                                                                                                                              PID:3020
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                42⤵
                                                                                                                                                  PID:3028
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                    43⤵
                                                                                                                                                      PID:2588
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                        44⤵
                                                                                                                                                          PID:2500
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                            45⤵
                                                                                                                                                              PID:1616
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                46⤵
                                                                                                                                                                  PID:2300
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                    47⤵
                                                                                                                                                                      PID:2428
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                        48⤵
                                                                                                                                                                          PID:2456
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                            49⤵
                                                                                                                                                                              PID:2532
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                50⤵
                                                                                                                                                                                  PID:2444
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                    51⤵
                                                                                                                                                                                      PID:2856
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                        52⤵
                                                                                                                                                                                          PID:1696
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                            53⤵
                                                                                                                                                                                              PID:2336
                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                54⤵
                                                                                                                                                                                                  PID:2208
                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                    55⤵
                                                                                                                                                                                                      PID:1332
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                        56⤵
                                                                                                                                                                                                          PID:2060
                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                            57⤵
                                                                                                                                                                                                              PID:1780
                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                58⤵
                                                                                                                                                                                                                  PID:552
                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                    59⤵
                                                                                                                                                                                                                      PID:1124
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                        60⤵
                                                                                                                                                                                                                          PID:1376
                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                            61⤵
                                                                                                                                                                                                                              PID:2408
                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                62⤵
                                                                                                                                                                                                                                  PID:3008
                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                    63⤵
                                                                                                                                                                                                                                      PID:1752
                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                        64⤵
                                                                                                                                                                                                                                          PID:2556
                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                            65⤵
                                                                                                                                                                                                                                              PID:996
                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                66⤵
                                                                                                                                                                                                                                                  PID:2564
                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                    67⤵
                                                                                                                                                                                                                                                      PID:2148
                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                        68⤵
                                                                                                                                                                                                                                                          PID:2156
                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                            69⤵
                                                                                                                                                                                                                                                              PID:2220
                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                70⤵
                                                                                                                                                                                                                                                                  PID:928
                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                    71⤵
                                                                                                                                                                                                                                                                      PID:2308
                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                        72⤵
                                                                                                                                                                                                                                                                          PID:1076
                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                            73⤵
                                                                                                                                                                                                                                                                              PID:1912
                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                74⤵
                                                                                                                                                                                                                                                                                  PID:2196
                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                    75⤵
                                                                                                                                                                                                                                                                                      PID:804
                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                        76⤵
                                                                                                                                                                                                                                                                                          PID:1636
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                            77⤵
                                                                                                                                                                                                                                                                                              PID:2468
                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                78⤵
                                                                                                                                                                                                                                                                                                  PID:2816
                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                    79⤵
                                                                                                                                                                                                                                                                                                      PID:2832
                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                        80⤵
                                                                                                                                                                                                                                                                                                          PID:2852
                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                            81⤵
                                                                                                                                                                                                                                                                                                              PID:1196
                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                82⤵
                                                                                                                                                                                                                                                                                                                  PID:2028
                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                    83⤵
                                                                                                                                                                                                                                                                                                                      PID:2064
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                        84⤵
                                                                                                                                                                                                                                                                                                                          PID:2688
                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                            85⤵
                                                                                                                                                                                                                                                                                                                              PID:2608
                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                86⤵
                                                                                                                                                                                                                                                                                                                                  PID:1624
                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                    87⤵
                                                                                                                                                                                                                                                                                                                                      PID:1428
                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                        88⤵
                                                                                                                                                                                                                                                                                                                                          PID:2436
                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                            89⤵
                                                                                                                                                                                                                                                                                                                                              PID:2304
                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                90⤵
                                                                                                                                                                                                                                                                                                                                                  PID:2668
                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                    91⤵
                                                                                                                                                                                                                                                                                                                                                      PID:1248
                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                        92⤵
                                                                                                                                                                                                                                                                                                                                                          PID:1944
                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                            93⤵
                                                                                                                                                                                                                                                                                                                                                              PID:2336
                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                94⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:788
                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                    95⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:2700
                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                        96⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:2720
                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                            97⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:1372
                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                98⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:1756
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                    99⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:2784
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                        100⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:864
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                            101⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:3000
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                102⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:3064
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                    103⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:888
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                        104⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:1576
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                            105⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:2908
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                106⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2824
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    107⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2560
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        108⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1320
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            109⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1684
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                110⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1196
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    111⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2028
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2648
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1504
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1700
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2432
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        116⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2304
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            117⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2980
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                118⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1788
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            121⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                122⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    123⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        124⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            125⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe" C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                126⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    127⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1352
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        128⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            129⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2868
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                130⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    131⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:816
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        132⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          at 4:45:16 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          132⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          131⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1812
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            131⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          129⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:592
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            129⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            128⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              128⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1728
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              127⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:268
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                127⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2272
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            124⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              124⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              123⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1780
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                123⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:956
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                122⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  122⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2936
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 4:45:15 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    at 4:45:14 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      at 4:45:14 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        at 4:45:14 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2892
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          at 4:45:14 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  97⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    at 4:45:14 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    97⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    96⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      at 4:45:13 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      96⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      95⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        at 4:45:13 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        95⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2580
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        94⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2208
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          at 4:45:13 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          94⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2360
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            78⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 4:45:13 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              78⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            76⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1932
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 4:45:13 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              76⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              75⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 4:45:12 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                75⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                74⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2204
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 4:45:12 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  74⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  73⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    at 4:45:12 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    73⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1664
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                      at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                      25⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:2688
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                        at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                        25⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:1104
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                        at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                        24⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:2084
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                          at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                          24⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:2092
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                      at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                      21⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:2016
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                        at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                        21⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:1876
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                        at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                        20⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:1264
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                          at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                          20⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:1892
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                          at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                          19⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:1044
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                            at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                            19⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:604
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                            at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                            18⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:1576
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                              at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              18⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:2376
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                              at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                              17⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:2324
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                                at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                17⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2848
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                8⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:2528
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                  at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                  8⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:2584
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                  at 1 /delete /yes
                                                                                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:2532
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\at.exe
                                                                                                                                                                                                                                                                                                                                                                                                    at 4:45:09 AM "C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe"
                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:2636
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                          \??\C:\Windows\system32\conhost.exe "-195669412392625557-774364419742248184600341708-1778535812-1491706631970636518"
                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:3064
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                            \??\C:\Windows\system32\conhost.exe "2021419187-57124071060393688-1437658918-159348891612116126473226205991976036725"
                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:2344
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                              \??\C:\Windows\system32\conhost.exe "-1261877402-1215555862-1681332858-211026105-329507610-1701173590-601445842019888836"
                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:2692
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                \??\C:\Windows\system32\conhost.exe "-87802578916782587691018475259-706507228-1071750264-862435511-12201210031190257902"
                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:1504
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                  \??\C:\Windows\system32\conhost.exe "-571910666-1230787463-932789629-1545521512-1010604469-464357004318747843297669744"
                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:1788
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe "803396816-166969638519397158011222965986-981265632-113175866-1789791911451705682"
                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:2360

                                                                                                                                                                                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      151KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      857799a864be39dbd573fbb1b44cdb0e

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      90bee693d2d48dee720559c4267d074526d4f5ca

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      626013d4d29b9a7e9df3bd033d01936264d4c27098676436cf93cd94cb3ca83e

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      749f3e7a48cf1badc1733d7f93dfb851c3ed9bb3dd16e8f9fcbea1377a2a2ab1643178322b2005ca50b060d246ea72c099d542a07aa188579184d7db8d2dacd7

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      f5fab3cab3ca1b623cb0014e440b8a44

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      59cd3c4879feb549403078f32147bb7c0e518e99

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      02abedd249cb7593f870aaf9898d64be66b7533493b0118ea4161636fcffcc01

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      2d985b276daa6a52201ba04054a1b46468205b8a2ae4262cec72d91512bef1dab507d58549b7639e2185f78780f862b493e84394ec4394a5b5bd31d0c41da8e1

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      abf8ae9e1e989615e1682198c3ea6514

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      816eca47f2aaf05116eedde3c5e50bff5785160b

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      768af15cec9dfccb7b88edb25bdd02afe2761163491678804b888a29ed5062fe

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      52ea419da917e94a22dc74dd120c4175d17d9c77f627e90cda7b1e6437035ac4c5d1088033ab62f32cba220343471c3b1b08e866bde676c2ea25975a40276b2f

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      ad5ff1820c209c7b53fe9d4b4cd71f8c

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      13c849f39e93ece8ca51c80584a0a93e48f209ef

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      beb61d725653f3d32dbc80413b6558e0ea799ef837a5ad01ac905eb94c4ccf63

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      067c75abc9f9c0a251099b99751e477dedd6140315c2b74e73373b8d825eb24c30cdc7f7d59017c999b4f7fe91b55fb9255a6798fe1c2d572af96ca4e897ef7a

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      742a0380eb2a32e00ffb98e0dba81fa0

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      f52bccd1b1af7ccc0ca0cbdf20c3d58cd1c9cb33

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      1c9206ab85d6f4ec9ad093f16f3eff674360c58495b03ecaa08efec90efacb4a

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      e9000f69109513b67868cd94a891916a66dd49466598abf1c0721e115d4d458f0c9b5b75c6ae619974ae8e0173a48802ef8d274f3d135bf5c43124243d7a0e75

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      760e0f3722829e0d3075b7a50cb7de78

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      62b826e7c16415ed9f47c4352dc5f74e9ae7deb7

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      015f3d7db2c366bb3471591659f5a1448c5ceabf4e8ba8269bf1cc403111440e

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      5b40ec28688a16531d26b181646ec678f8713d3570ce275e8a8803cf73d868b4f9dd5e89488a0391b2f6f375993e3b6f5c3bd9b3f3a8394ccc008b1e0e0ca6a5

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      de5eaac909d8984d93d4d214bd3b3e3b

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      8afe4b145ea12d9336347cc3d3b8334064e90f66

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      8bd876e9634ba38077d8bd3309bfcd38d15c3f33f47c558769bc2397624c5163

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      61c8f96db24b253f5b83222adbde3a6ebd1ffd8f8310e23c3baba8e31769efe0ad02454de10a7c804f3b8fb6de8d824d46445f54800a364ef666399d0b01e7df

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      e9a949675c6d6b634bc526d17f5cc675

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      f6057baf14150effcc054c091dc11b2c8c6800c7

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      2841115276789ef689d856f7e689a46dff40625b9bba6722d562ff8ec3c193be

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      ac5df98ea68fc58161115efb04d25aeb2668f987dc65420b15597958eed434a3d6ab13a43ede923e69163309bd518a25df28c869c7a0a9bb88823322cdce6db9

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      1d36628fd5472335596379a1ac5e6c83

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      00ab8e090de269f4e2f650dc13c210d4b107c764

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      6e5e9c7210cb56c41127f2bc8ea1a32049f8cf8557c51974809f782e35839a59

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      cae283d0680e59a2134ebc3d992eaaa9da6e77d2b076f0f6825c4f4b2b78731e3227fccde4cb1cc07834fa024c527863d367d4f7a9b45d5978402ead5b4ab48d

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      6d1c52121fcdabab08652a32a41fd288

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      3378a9ff9f4f9f2586bbdcaf030bcc368f67af7d

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      cf700451ee03a5f56dfe77a1495ca27a8e0051a98161cf1afbbbd04ea4630672

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      2624213cbac805a27be7db1969e14c100cbd60a1056f22445f3248d5486ae4b0589f4dbb7672347c18bbba28adc78fe52d3a785f1c396cbb8ee0cc04aa15a92e

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      3a9e26cce43e812ee3d300772dc393bf

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      ce084eaba8f2a64c2b58f6c49501c5a9b5119082

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      03a3880dae4a46579934d0112e123b595230b61a3a5b469e0bf64d553e6a9007

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      d868981f776c8a38e8ec73545260f7f131437cd69f835678583d3591c738f6d665291fe7afa55f940f47e0329ca5e4cc74098bc42390e8d0e9499ea860292087

                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\f11098d550731f360f47109eb46b3d90_NEIKI.exe123

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      67KB

                                                                                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                                                                                      41631619c2a4386ecb1923bd0ad746c7

                                                                                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                                                                                      79ce89474947d6b2f7d1758be718067c52921c2b

                                                                                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                                                                                      35a59af0b98574e2fa9f835ba63686b6cb522809e1f0933b5b575d93089d7244

                                                                                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                                                                                      6951ec138b397c59d09ff1ce91d9862f8746c7800e743a1857ec787603ed4aaa7ca6c8837f6695d17954d58a919d7ad3da693304c688ead44c4c3b8c1cf3d839

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/528-81-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/552-253-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/832-119-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/972-103-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1020-71-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1124-258-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1192-76-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1296-66-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1328-82-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1332-238-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1376-98-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1376-264-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1428-61-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1508-9-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1512-70-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1524-147-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1596-93-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1616-188-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1640-4-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1664-139-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1696-223-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1752-279-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1780-248-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1816-88-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/1844-109-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2040-152-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2060-243-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2192-114-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2196-140-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2196-142-0x0000000076DF0000-0x0000000076EEA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      1000KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2196-141-0x0000000076CD0000-0x0000000076DEF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2208-233-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2296-14-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2300-193-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2336-228-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2408-269-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2424-67-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2428-198-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2444-213-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2448-69-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2456-203-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2500-183-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2504-68-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2532-208-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2588-177-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2608-56-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2720-83-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2816-19-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2824-157-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2856-218-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2872-24-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2908-162-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2912-29-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2920-44-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2936-49-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2940-34-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2976-134-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/3000-124-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/3004-51-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/3008-274-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/3012-129-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/3020-167-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/3028-39-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                                                                                                                                    • memory/3028-172-0x0000000000400000-0x0000000000428000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                      160KB