d21f40e7da3863ebdaa474f3194c276e16d92ac56e1fc1a6e7e68552b1161c05

Analysis

max time kernel
20s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Size

1.1MB
MD5

3984aa3180c13d403e1da77191b94d10
SHA1

044674e40b8c06ca0c27dbba49589935fd438a9b
SHA256

d21f40e7da3863ebdaa474f3194c276e16d92ac56e1fc1a6e7e68552b1161c05
SHA512

348b3cfd627cf03f329c845fef9f25493be645c87f74ef0ae07b64bd5adbf0c011c79b389f68fdf230c6e878edad987d648603ea45676644c64b42278eff6178
SSDEEP

24576:t2fxt9v6gKJF4MEhSDhUGm3yyxfJSswrEqwJ3UfOej1NWntr0Mo:QZt3MEhQhXmpxhSswrH3OepNWndno

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1248-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x00070000000143fb-5.dat	upx
behavioral1/memory/2548-89-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2768-91-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1052-93-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1996-95-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1448-96-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1248-99-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1952-104-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2612-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1632-109-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2408-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1600-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1688-113-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2284-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2548-111-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1792-106-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2248-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/684-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1248-117-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/580-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1500-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1052-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1996-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1784-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1520-136-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1300-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2448-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1316-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1632-149-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2408-148-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1568-143-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1388-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1556-141-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2156-140-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1952-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2108-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2324-134-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/448-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/296-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1448-128-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1688-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2248-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1600-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1500-158-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2720-170-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2592-169-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2108-168-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2324-167-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/448-165-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/580-159-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3004-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1520-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/296-161-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2564-176-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1300-175-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2448-174-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1568-173-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1388-172-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1556-171-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1316-177-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2940-181-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1604-179-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3020-182-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\M:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\X:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\V:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\E:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\I:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\L:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\U:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\K:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\Q:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\S:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\Z:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\A:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\B:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\G:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\J:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\T:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\W:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\Y:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\N:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\O:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\P:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\R:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\handjob uncut feet shoes .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish nude hidden .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish handjob xxx masturbation 50+ (Kathrin).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast voyeur girly (Christine,Jenna).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish bukkake lesbian girls femdom (Gina,Christine).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\shared\kicking gay public 50+ .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american horse girls (Liz,Sonja).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie voyeur latex .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\malaysia beast horse uncut (Jenna).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian hardcore beast [free] black hairunshaved (Janette,Liz).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\sperm masturbation leather .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\african lesbian gang bang [milf] .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\gang bang sperm [bangbus] hole .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\german lingerie full movie bondage (Sarah).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\gay beast catfight boobs .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian gay beastiality [free] boobs .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american gay full movie ejaculation .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american blowjob public (Karin).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\bukkake big balls .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\spanish gay blowjob [milf] .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Windows Journal\Templates\kicking full movie glans (Karin,Christine).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx [free] legs high heels .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\german blowjob handjob [free] blondie .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gang bang licking redhair (Christine,Christine).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore sperm sleeping feet circumcision .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast beastiality lesbian .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\horse cumshot masturbation bedroom (Samantha,Kathrin).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\malaysia lesbian fucking voyeur mistress (Karin).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\british gay voyeur titts shoes .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\hardcore action girls young .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\german gang bang [free] hairy (Gina).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse sleeping glans shower .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\tmp\blowjob cumshot hidden castration .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\british horse horse hidden .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\swedish gay hot (!) ash 50+ (Tatjana).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\blowjob [milf] young (Christine).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\Temp\handjob hidden boobs (Kathrin).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\asian bukkake big shoes .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\hardcore catfight hairy .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\PLA\Templates\spanish porn porn uncut gorgeoushorny .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\horse full movie swallow .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\beastiality girls mature .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\gay lesbian masturbation sweet .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\gay kicking catfight shoes .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\beastiality public legs wifey (Christine).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\malaysia bukkake big hole (Sonja).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\swedish gay [bangbus] glans .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\hardcore animal [milf] ash (Gina).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\black cumshot lingerie several models sweet .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\german horse big ash blondie .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian gay masturbation boobs (Gina).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\spanish lesbian trambling hidden lady .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\swedish horse several models balls .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\spanish fucking blowjob full movie .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\italian horse [milf] redhair .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\asian hardcore [bangbus] ejaculation .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\spanish cum animal lesbian granny (Sandy,Karin).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\russian hardcore kicking catfight .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\british lesbian cumshot full movie stockings .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\russian nude horse public swallow .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\sperm catfight nipples latex (Sylvia,Ashley).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese sperm girls pregnant .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\brasilian animal girls ash .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\asian nude cumshot public boots .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\action blowjob licking nipples lady (Tatjana,Ashley).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\brasilian porn voyeur traffic .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\british animal animal [milf] femdom .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse horse uncut nipples balls (Sonja,Jade).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\norwegian animal catfight circumcision .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\malaysia beast sperm girls (Jenna,Janette).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish nude public YEâPSè& (Sonja,Samantha).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\security\templates\german gay several models boobs (Sarah).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\black beast licking .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\asian horse lingerie sleeping ash gorgeoushorny .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\chinese xxx beastiality masturbation .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\african kicking uncut vagina 50+ .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\chinese gang bang trambling voyeur boots .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\nude kicking big (Samantha).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\hardcore [bangbus] young .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\swedish animal cumshot sleeping beautyfull (Tatjana,Curtney).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish cum several models blondie .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\handjob sperm girls high heels .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\action fucking sleeping castration (Britney,Christine).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\sperm girls .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\brasilian cumshot cum full movie ìï (Janette,Melissa).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\african hardcore gay sleeping (Janette,Samantha).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\italian hardcore beast lesbian .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\danish nude licking 50+ (Kathrin,Curtney).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\swedish fetish licking feet castration .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2768	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1052	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1996	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1784	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1952	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2408	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1052	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1688	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1600	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2768	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1632	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2284	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1996	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
684	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
580	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1500	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1784	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
296	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2408	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1052	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1952	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2324	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2156	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1388	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1568	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2768	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1688	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1996	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1600	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1300	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2108	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1520	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1760	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1556	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1632	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1632	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2284	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2284	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1316	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1316	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2612	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	28
PID 1248 wrote to memory of 2612	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	28
PID 1248 wrote to memory of 2612	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	28
PID 1248 wrote to memory of 2612	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	28
PID 2612 wrote to memory of 1792	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	29
PID 2612 wrote to memory of 1792	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	29
PID 2612 wrote to memory of 1792	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	29
PID 2612 wrote to memory of 1792	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	29
PID 1248 wrote to memory of 2548	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	30
PID 1248 wrote to memory of 2548	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	30
PID 1248 wrote to memory of 2548	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	30
PID 1248 wrote to memory of 2548	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	30
PID 1792 wrote to memory of 2768	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	31
PID 1792 wrote to memory of 2768	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	31
PID 1792 wrote to memory of 2768	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	31
PID 1792 wrote to memory of 2768	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	31
PID 2612 wrote to memory of 1052	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	32
PID 2612 wrote to memory of 1052	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	32
PID 2612 wrote to memory of 1052	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	32
PID 2612 wrote to memory of 1052	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	32
PID 2548 wrote to memory of 1996	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	33
PID 2548 wrote to memory of 1996	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	33
PID 2548 wrote to memory of 1996	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	33
PID 2548 wrote to memory of 1996	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	33
PID 1248 wrote to memory of 1448	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	34
PID 1248 wrote to memory of 1448	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	34
PID 1248 wrote to memory of 1448	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	34
PID 1248 wrote to memory of 1448	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	34
PID 2768 wrote to memory of 1784	2768	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	35
PID 2768 wrote to memory of 1784	2768	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	35
PID 2768 wrote to memory of 1784	2768	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	35
PID 2768 wrote to memory of 1784	2768	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	35
PID 1052 wrote to memory of 2408	1052	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	36
PID 1052 wrote to memory of 2408	1052	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	36
PID 1052 wrote to memory of 2408	1052	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	36
PID 1052 wrote to memory of 2408	1052	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	36
PID 1996 wrote to memory of 1952	1996	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	37
PID 1996 wrote to memory of 1952	1996	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	37
PID 1996 wrote to memory of 1952	1996	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	37
PID 1996 wrote to memory of 1952	1996	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	37
PID 1792 wrote to memory of 1688	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	38
PID 1792 wrote to memory of 1688	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	38
PID 1792 wrote to memory of 1688	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	38
PID 1792 wrote to memory of 1688	1792	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	38
PID 2612 wrote to memory of 1632	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	39
PID 2612 wrote to memory of 1632	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	39
PID 2612 wrote to memory of 1632	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	39
PID 2612 wrote to memory of 1632	2612	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	39
PID 1448 wrote to memory of 1600	1448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	40
PID 1448 wrote to memory of 1600	1448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	40
PID 1448 wrote to memory of 1600	1448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	40
PID 1448 wrote to memory of 1600	1448	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	40
PID 2548 wrote to memory of 2284	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	41
PID 2548 wrote to memory of 2284	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	41
PID 2548 wrote to memory of 2284	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	41
PID 2548 wrote to memory of 2284	2548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	41
PID 1248 wrote to memory of 2248	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	42
PID 1248 wrote to memory of 2248	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	42
PID 1248 wrote to memory of 2248	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	42
PID 1248 wrote to memory of 2248	1248	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	42
PID 1784 wrote to memory of 684	1784	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	43
PID 1784 wrote to memory of 684	1784	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	43
PID 1784 wrote to memory of 684	1784	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	43
PID 1784 wrote to memory of 684	1784	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	43

C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        10⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        11⤵
        
        PID:20440
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        10⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        10⤵
        
        PID:20320
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        10⤵
        
        PID:20268
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:20156
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:18712
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:21268
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20468
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:20036
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:19868
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20040
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:21208
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:19940
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20476
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20792
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:19972
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20100
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:21092
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20768
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20060
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:19980
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14048
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:20992
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:21276
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20212
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20392
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20812
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20092
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:21064
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20936
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:21160
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20384
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:19964
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14008
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:21284
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:20052
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20076
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:21152
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:21216
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:20020
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20140
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20260
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20252
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20004
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20456
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20228
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:19988
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:20508
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20860
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:19908
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:13856
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20012
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14032
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20068
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:19884
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14684
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20516
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:20172
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14040
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:21184
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:20132
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:13668
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15424
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:14516
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:21132
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:20188
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        9⤵
        
        PID:20028
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20084
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20368
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20900
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:19996
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20376
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20428
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20684
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:19932
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:21244
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20784
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:19948
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14920
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:21116
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:13700
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20108
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20116
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:21048
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:22220
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:20524
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14016
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20848
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13740
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:19916
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20180
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:20776
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14000
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14816
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14928
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:21140
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:15956
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:20164
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20532
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20760
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20944
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20220
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20748
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9624
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:13952
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20124
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:20244
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:13944
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:21080
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16320
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14736
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:21200
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:11176
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16060
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:21124
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:21100
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:14276
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:20236
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:21192
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:21108
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:21168
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13748
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:11192
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:21256
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14888
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:21072
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:19924
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:13676
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:19956
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:15964
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:21476
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:21176
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:20204
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:20148
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14476
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14124
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:20448
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:14700
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:20196
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10568
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:11216
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:16296
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:4136
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15656
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:9936
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:13588
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:6300
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:13612
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:10236
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:21056
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:13992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\german lingerie full movie bondage (Sarah).mpeg.exe

Filesize
762KB

MD5
85fe2efeff9f6ac8831442a5576a9ff5

SHA1
c82b403f169f86451bc4b2ed84935d0017c20462

SHA256
f32fcc62e68193b9aad5ab971b6ca0c9593ac36c4d3363b2ba5f1b394357ac52

SHA512
771200057257f83af3e0bef75b88afe3f6066ea4a7dab84513a1a314b3461ae21838a78211d7f2f980602f289817952e55c7bc3294e35a63aea1edaef4b16db1

Download Submit
C:\debug.txt

Filesize
183B

MD5
7781569ac62dc57b585e04fe318d2f7f

SHA1
24256a7cc61238cec0cbd706acde955576b88485

SHA256
e6629f8de299acd269008ff5ba93c033fce10c0afd3e602e307939d7cf5a69f7

SHA512
eb8fd068ab00758dbcff49f00e00bf8bfb6a24ec38bc0ef67b2c7a0e1ed09356a0137c7e0804d6e124e7cea192abfb58593163ae50bccad07f937fc22df448fa

Download Submit
memory/296-161-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/296-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/448-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/448-165-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/580-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/580-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/684-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1052-160-0x0000000005060000-0x000000000507D000-memory.dmp

Filesize
116KB

Download
memory/1052-93-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1052-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1052-102-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/1248-99-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1248-117-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1248-100-0x0000000005560000-0x000000000557D000-memory.dmp

Filesize
116KB

Download
memory/1248-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1248-64-0x0000000005560000-0x000000000557D000-memory.dmp

Filesize
116KB

Download
memory/1248-110-0x0000000005560000-0x000000000557D000-memory.dmp

Filesize
116KB

Download
memory/1248-481-0x0000000074E00000-0x0000000074E03000-memory.dmp

Filesize
12KB

Download
memory/1248-88-0x0000000005560000-0x000000000557D000-memory.dmp

Filesize
116KB

Download
memory/1248-127-0x0000000005560000-0x000000000557D000-memory.dmp

Filesize
116KB

Download
memory/1248-480-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1248-343-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1248-486-0x0000000074DC0000-0x0000000074DC8000-memory.dmp

Filesize
32KB

Download
memory/1300-175-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1300-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1316-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1316-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1388-172-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1388-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1448-128-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1448-96-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1500-158-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1500-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1520-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1520-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1556-141-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1556-171-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1568-173-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1568-143-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1600-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1600-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1604-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1632-109-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1632-149-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1688-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1688-113-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1784-118-0x0000000004B90000-0x0000000004BAD000-memory.dmp

Filesize
116KB

Download
memory/1784-155-0x0000000004B90000-0x0000000004BAD000-memory.dmp

Filesize
116KB

Download
memory/1784-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1792-115-0x0000000000530000-0x000000000054D000-memory.dmp

Filesize
116KB

Download
memory/1792-108-0x0000000000790000-0x00000000007AD000-memory.dmp

Filesize
116KB

Download
memory/1792-90-0x0000000000530000-0x000000000054D000-memory.dmp

Filesize
116KB

Download
memory/1792-106-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1952-157-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/1952-104-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1952-178-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/1952-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1952-122-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/1996-166-0x00000000044F0000-0x000000000450D000-memory.dmp

Filesize
116KB

Download
memory/1996-95-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1996-133-0x00000000044F0000-0x000000000450D000-memory.dmp

Filesize
116KB

Download
memory/1996-103-0x00000000004F0000-0x000000000050D000-memory.dmp

Filesize
116KB

Download
memory/1996-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1996-138-0x00000000004F0000-0x000000000050D000-memory.dmp

Filesize
116KB

Download
memory/2108-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2108-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2156-140-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2248-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2248-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2284-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2324-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2324-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2408-156-0x0000000001E80000-0x0000000001E9D000-memory.dmp

Filesize
116KB

Download
memory/2408-148-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2408-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2448-174-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2448-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2548-94-0x0000000001ED0000-0x0000000001EED000-memory.dmp

Filesize
116KB

Download
memory/2548-111-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2548-125-0x0000000001ED0000-0x0000000001EED000-memory.dmp

Filesize
116KB

Download
memory/2548-89-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2564-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2592-169-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2592-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2612-105-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/2612-92-0x0000000005060000-0x000000000507D000-memory.dmp

Filesize
116KB

Download
memory/2612-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2612-87-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/2612-120-0x0000000005060000-0x000000000507D000-memory.dmp

Filesize
116KB

Download
memory/2720-170-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2720-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2768-98-0x0000000004AD0000-0x0000000004AED000-memory.dmp

Filesize
116KB

Download
memory/2768-130-0x0000000004AD0000-0x0000000004AED000-memory.dmp

Filesize
116KB

Download
memory/2768-180-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/2768-91-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2768-164-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/2768-131-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/2940-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3004-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3004-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3020-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download