6a978ccaf5543a6d266b7e9fd8b86852212ea64544ee32593b199d856a43cf97

Analysis

max time kernel
10s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46134f27b3faec0225028d26c994dc60_NEIKI.exe
Size

1.7MB
MD5

46134f27b3faec0225028d26c994dc60
SHA1

12582dca12993e6efc8fb140a2b01c6a756b6449
SHA256

6a978ccaf5543a6d266b7e9fd8b86852212ea64544ee32593b199d856a43cf97
SHA512

2c4315c1e983c7961062a4c1738c380b2680421a3a6a49fa135ccc158233aff7c2465d1bcf17191f65c8c28f048506a0b3065418b4bc2684aa8114b973cb1c6d
SSDEEP

24576:VtFLUgxu2bNAHjfvDW4yO7jmj5pEnWeupXYxCau+0dbRZG3Q//vvhx7ynBd62nBz:7FL1rq/tyO42vnz3Qv5FyT6SB/wU

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	46134f27b3faec0225028d26c994dc60_NEIKI.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2816-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0006000000022b21-5.dat	upx
behavioral2/memory/4144-15-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3296-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4228-163-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4064-164-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4556-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2468-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4296-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4008-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4104-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2816-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2716-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4144-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4072-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3296-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4528-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2620-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3024-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2540-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2816-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1852-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4228-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2748-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4972-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4064-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2468-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4488-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4556-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2668-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4296-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2096-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4008-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4104-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1224-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4284-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2392-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3024-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1116-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4328-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2540-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5136-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2748-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1852-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4488-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5276-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4972-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5340-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/708-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/556-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5456-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2668-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5604-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5800-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3152-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5596-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4632-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5564-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1224-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5136-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5840-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5300-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5260-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6100-247-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	46134f27b3faec0225028d26c994dc60_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\M:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\S:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\U:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\V:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\W:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\H:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\E:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\G:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\K:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\R:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\X:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\Z:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\A:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\N:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\Q:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\Y:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\J:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\L:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\O:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\P:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\T:	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File opened (read-only)	\??\B:	46134f27b3faec0225028d26c994dc60_NEIKI.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\chinese fucking bukkake voyeur nipples .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian blowjob hardcore girls 50+ (Karin).rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling trambling uncut black hairunshaved .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\african gang bang big cock (Sonja).mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish handjob lingerie hot (!) vagina blondie .mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish handjob public .rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay lesbian (Britney).mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish gay xxx hot (!) swallow (Sonja).mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia kicking lesbian licking .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian xxx hot (!) .mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian fetish voyeur shoes .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian animal full movie (Melissa).mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian cumshot [bangbus] vagina 40+ (Janette,Samantha).rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gang bang handjob public .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\chinese lingerie girls vagina ¼ë .mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake kicking [milf] .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian sperm girls mistress (Ashley).avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\Temp\horse hot (!) .rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Templates\bukkake hot (!) feet ¼ë (Sonja,Curtney).mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian handjob several models shower (Samantha,Melissa).avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\german trambling sperm big legs YEâPSè& (Sandy,Sonja).zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian lingerie bukkake hot (!) .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\action hidden swallow .rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\spanish cumshot [milf] gorgeoushorny .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish lesbian young (Anniston,Jenna).rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\sperm girls ash .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian blowjob action masturbation high heels .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\lesbian voyeur nipples .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish gang bang horse uncut hole traffic .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian fucking [free] young (Britney).mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB476.tmp\horse nude public .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\CbsTemp\chinese kicking [free] .rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\mssrv.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\beast sperm big hole boots .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\porn beastiality sleeping stockings .mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\trambling masturbation .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\PLA\Templates\beast lingerie [free] young .mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\security\templates\cumshot licking (Tatjana,Sarah).rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\tyrkish horse catfight .mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\assembly\tmp\asian lesbian gay public cock .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian bukkake cumshot hidden wifey .mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore gang bang hidden glans .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\animal kicking [free] hole .rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\french gay beast catfight boobs young .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bukkake hot (!) hole black hairunshaved .mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian sperm beastiality hot (!) ejaculation .mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\Downloaded Program Files\lesbian sperm public blondie .mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\InputMethod\SHARED\asian lingerie sleeping boots .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\action animal catfight swallow .mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore girls swallow .mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian horse lesbian legs \Û (Sylvia,Melissa).rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\cumshot hot (!) shower (Janette).avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian trambling hot (!) (Karin,Sonja).rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\assembly\temp\blowjob blowjob full movie shower .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\italian handjob [bangbus] .avi.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\cum hardcore sleeping .zip.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\african animal [milf] upskirt .mpg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\nude big 50+ (Sonja,Karin).rar.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\danish horse hot (!) (Christine,Ashley).mpeg.exe	46134f27b3faec0225028d26c994dc60_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe
3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe
3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2620	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2620	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4528	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4528	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4228	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4228	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4064	46134f27b3faec0225028d26c994dc60_NEIKI.exe
4064	46134f27b3faec0225028d26c994dc60_NEIKI.exe
3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe
3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 4144	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	86
PID 2816 wrote to memory of 4144	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	86
PID 2816 wrote to memory of 4144	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	86
PID 4144 wrote to memory of 4072	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	91
PID 4144 wrote to memory of 4072	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	91
PID 4144 wrote to memory of 4072	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	91
PID 2816 wrote to memory of 3296	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	92
PID 2816 wrote to memory of 3296	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	92
PID 2816 wrote to memory of 3296	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	92
PID 4072 wrote to memory of 2620	4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe	93
PID 4072 wrote to memory of 2620	4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe	93
PID 4072 wrote to memory of 2620	4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe	93
PID 4144 wrote to memory of 4528	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	94
PID 4144 wrote to memory of 4528	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	94
PID 4144 wrote to memory of 4528	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	94
PID 2816 wrote to memory of 4228	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	95
PID 2816 wrote to memory of 4228	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	95
PID 2816 wrote to memory of 4228	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	95
PID 3296 wrote to memory of 4064	3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe	96
PID 3296 wrote to memory of 4064	3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe	96
PID 3296 wrote to memory of 4064	3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe	96
PID 4072 wrote to memory of 2468	4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe	98
PID 4072 wrote to memory of 2468	4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe	98
PID 4072 wrote to memory of 2468	4072	46134f27b3faec0225028d26c994dc60_NEIKI.exe	98
PID 2620 wrote to memory of 4556	2620	46134f27b3faec0225028d26c994dc60_NEIKI.exe	99
PID 2620 wrote to memory of 4556	2620	46134f27b3faec0225028d26c994dc60_NEIKI.exe	99
PID 2620 wrote to memory of 4556	2620	46134f27b3faec0225028d26c994dc60_NEIKI.exe	99
PID 4144 wrote to memory of 4296	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	100
PID 4144 wrote to memory of 4296	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	100
PID 4144 wrote to memory of 4296	4144	46134f27b3faec0225028d26c994dc60_NEIKI.exe	100
PID 4528 wrote to memory of 2096	4528	46134f27b3faec0225028d26c994dc60_NEIKI.exe	101
PID 4528 wrote to memory of 2096	4528	46134f27b3faec0225028d26c994dc60_NEIKI.exe	101
PID 4528 wrote to memory of 2096	4528	46134f27b3faec0225028d26c994dc60_NEIKI.exe	101
PID 3296 wrote to memory of 4104	3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe	102
PID 3296 wrote to memory of 4104	3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe	102
PID 3296 wrote to memory of 4104	3296	46134f27b3faec0225028d26c994dc60_NEIKI.exe	102
PID 2816 wrote to memory of 4008	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	103
PID 2816 wrote to memory of 4008	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	103
PID 2816 wrote to memory of 4008	2816	46134f27b3faec0225028d26c994dc60_NEIKI.exe	103
PID 4228 wrote to memory of 2716	4228	46134f27b3faec0225028d26c994dc60_NEIKI.exe	104
PID 4228 wrote to memory of 2716	4228	46134f27b3faec0225028d26c994dc60_NEIKI.exe	104
PID 4228 wrote to memory of 2716	4228	46134f27b3faec0225028d26c994dc60_NEIKI.exe	104
PID 4064 wrote to memory of 4284	4064	46134f27b3faec0225028d26c994dc60_NEIKI.exe	105
PID 4064 wrote to memory of 4284	4064	46134f27b3faec0225028d26c994dc60_NEIKI.exe	105
PID 4064 wrote to memory of 4284	4064	46134f27b3faec0225028d26c994dc60_NEIKI.exe	105

C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        9⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:16476
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        8⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:16484
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:17648
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:13912
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:14360
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5056
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:17572
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7248
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:12252
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:17284
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3296
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:4080
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:14116
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:16128
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:16808
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:17600
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:9268
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:12872
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:4544
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:14604
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:15868
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:12000
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:16792
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:13996
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:9772
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:13080
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:5904
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  PID:4008
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
        5⤵
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:15940
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:5720
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:14928
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:14532
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  PID:708
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:15604
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:11000
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:15536
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  PID:5840
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
      4⤵
      PID:4236
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:11180
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:2544
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  PID:6916
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:13188
- - C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
    3⤵
    PID:7964
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  PID:9220
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  PID:12904
- C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\46134f27b3faec0225028d26c994dc60_NEIKI.exe"
  2⤵
  PID:17720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian lingerie bukkake hot (!) .avi.exe

Filesize
267KB

MD5
34410426832963c1de87bab3dfd5a16b

SHA1
b7a0c3396b4dcdfb8bd67bda6c4849de235750b4

SHA256
4ac9a52f2ebb1545011255a90051b3ac99a81dddb4c63f13c6962b896788b889

SHA512
62c6a24fa12090f779d56f9dd81937e6d7627a566955f2573186237933a36f2acb60f1affa6f673604e86ff03d5eb3e9495e3a6cfdc932b9567d4f93413a82fe

Download Submit
memory/556-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/708-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1116-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1224-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1224-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1852-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1852-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2096-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2392-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2468-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2468-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2540-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2540-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2620-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2668-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2668-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2716-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2748-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2748-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2816-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2816-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2816-344-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2816-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3152-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3296-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3296-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4008-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4008-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4064-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4064-164-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4072-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4104-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4104-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4144-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4144-15-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4228-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4228-163-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4284-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4296-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4296-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4328-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4488-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4488-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4528-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4556-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4556-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4632-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4972-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4972-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5136-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5136-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5260-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5332-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5340-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5340-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5456-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5480-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5564-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5564-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5572-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5596-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5596-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5604-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5604-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5612-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5800-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5800-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5840-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5840-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5896-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5984-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5992-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5992-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6000-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6000-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6008-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6020-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6028-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6052-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6100-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6100-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6216-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6224-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6288-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6308-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6360-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6372-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6440-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6620-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6652-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6676-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7000-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7012-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download