f22bd38a1dde0a5c0b6d28af66574277333bb9553780801ffcb7b3dccbe11aea

Analysis

max time kernel
16s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Size

1.2MB
MD5

e97a8615e0d5ff74d21d9d79b7e1d2c0
SHA1

1e3e933b5efc8b533402a0ed37e0eca20bbbd42e
SHA256

f22bd38a1dde0a5c0b6d28af66574277333bb9553780801ffcb7b3dccbe11aea
SHA512

596903d4b260c537bf5bdc5e761c17fa5280c4e6ce54d6113e1bfb5f78344c1c35e155c84f9aaf74c1ede3b1a97cb403a36b9a45cd10872e179507030a874435
SSDEEP

24576:lq89J7l75rJsl3Rj0Pt3ZDnCXquGJpJz8wBLAblH5mkP1yTjVYP9SIiH:lx9gl3t43ZEqu0pJQwyR53P1yloAIiH

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 19 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\L:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\S:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\T:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\U:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\Y:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\A:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\B:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\O:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\Q:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\R:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\W:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\Z:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\I:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\N:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\J:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\V:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\G:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\H:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\P:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\X:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\E:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File opened (read-only)	\??\M:	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\black action lingerie girls titts leather (Curtney).mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling [milf] castration .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish fetish fucking several models swallow (Jenna,Janette).rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay [milf] (Janette).zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake big bondage .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian fetish bukkake licking feet (Gina,Samantha).rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\hardcore big titts .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm lesbian boots .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian fetish beast [milf] hotel .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish porn beast lesbian 50+ (Sandy,Liz).mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm lesbian (Sylvia).avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish cumshot horse [milf] .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\beast girls latex .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\italian kicking gay voyeur pregnant .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake masturbation girly .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian kicking horse [free] fishy .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Templates\black porn xxx masturbation (Sylvia).avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob hidden gorgeoushorny .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish porn sperm full movie feet .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\russian cumshot trambling [milf] .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling [milf] hairy .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\beast catfight titts .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\xxx licking glans circumcision (Sarah).avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian voyeur .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob hot (!) feet stockings .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american fetish hardcore lesbian balls .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish kicking bukkake hot (!) glans latex (Liz).mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie catfight cock .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\italian gang bang gay hot (!) mistress .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\beast licking .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\german lesbian [bangbus] feet .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\cum bukkake [free] glans hotel .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\handjob hardcore several models (Melissa).avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\black nude fucking [free] feet .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\horse beast public .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\CbsTemp\russian nude lesbian uncut fishy .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\fucking big glans circumcision .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\japanese cum trambling [free] feet mistress (Sarah).zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\african hardcore licking .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\trambling hot (!) (Melissa).zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\indian fetish blowjob several models (Janette).mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\action trambling public .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\danish porn bukkake public feet ejaculation .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\french xxx public latex .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\assembly\temp\tyrkish nude sperm [free] hairy .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\danish porn horse full movie young .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish fetish trambling [free] hotel .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\nude fucking girls cock .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\canadian bukkake several models blondie .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\british horse catfight hole Ôï .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\brasilian nude bukkake hot (!) (Sarah).mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian beastiality hardcore girls titts penetration .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\cumshot blowjob catfight mature .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\swedish handjob trambling hot (!) YEâPSè& (Kathrin,Sylvia).rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\cumshot sperm uncut (Jade).avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\danish horse sperm masturbation latex .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\norwegian sperm [bangbus] .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\african hardcore public titts swallow .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\nude horse hidden sm .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese porn beast [free] .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\beast masturbation mature .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\swedish nude hardcore lesbian cock ejaculation .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\canadian trambling [milf] (Melissa).rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\chinese xxx [milf] glans young (Sylvia).zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\lingerie sleeping penetration .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\malaysia lesbian catfight gorgeoushorny .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\german beast voyeur cock .mpg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\american porn trambling voyeur .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\PLA\Templates\beast several models feet .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\canadian fucking catfight cock stockings .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\malaysia xxx public cock (Gina,Samantha).zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\malaysia lingerie public cock lady .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\bukkake lesbian shower .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\danish cumshot xxx lesbian glans Ôï .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\blowjob public titts .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\horse hot (!) shower .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\italian nude bukkake hot (!) feet .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian action xxx catfight feet .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\assembly\tmp\fucking lesbian feet balls .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx licking hole .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese action trambling uncut .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\russian beastiality trambling voyeur bondage .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\spanish gay sleeping leather .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\indian cum gay [bangbus] mistress .rar.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\cumshot sperm licking .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\action hardcore several models girly (Gina,Samantha).mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\brasilian fetish xxx hot (!) glans mistress .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\porn blowjob [bangbus] .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\malaysia horse big leather .zip.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\cumshot sperm full movie .mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\InputMethod\SHARED\italian nude beast public (Curtney).mpeg.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\italian horse lingerie hot (!) feet 50+ .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\chinese beast masturbation titts castration .avi.exe	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4032	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4032	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1572	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1572	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4792	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4792	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2652	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2652	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4848	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4848	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3976	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3976	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1612	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1612	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1584	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1584	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2876	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
2876	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3532	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
3532	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1572	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4032	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
4032	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
1572	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
404	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
404	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 2564	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	87
PID 3120 wrote to memory of 2564	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	87
PID 3120 wrote to memory of 2564	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	87
PID 3120 wrote to memory of 2716	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	88
PID 3120 wrote to memory of 2716	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	88
PID 3120 wrote to memory of 2716	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	88
PID 2564 wrote to memory of 2208	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	89
PID 2564 wrote to memory of 2208	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	89
PID 2564 wrote to memory of 2208	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	89
PID 2716 wrote to memory of 1732	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	94
PID 2716 wrote to memory of 1732	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	94
PID 2716 wrote to memory of 1732	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	94
PID 3120 wrote to memory of 1264	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	95
PID 3120 wrote to memory of 1264	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	95
PID 3120 wrote to memory of 1264	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	95
PID 2564 wrote to memory of 4032	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	96
PID 2564 wrote to memory of 4032	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	96
PID 2564 wrote to memory of 4032	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	96
PID 2208 wrote to memory of 1572	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	97
PID 2208 wrote to memory of 1572	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	97
PID 2208 wrote to memory of 1572	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	97
PID 1732 wrote to memory of 4792	1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	98
PID 1732 wrote to memory of 4792	1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	98
PID 1732 wrote to memory of 4792	1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	98
PID 2716 wrote to memory of 2652	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	99
PID 2716 wrote to memory of 2652	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	99
PID 2716 wrote to memory of 2652	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	99
PID 3120 wrote to memory of 4848	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	101
PID 3120 wrote to memory of 4848	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	101
PID 3120 wrote to memory of 4848	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	101
PID 2564 wrote to memory of 1612	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	102
PID 2564 wrote to memory of 1612	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	102
PID 2564 wrote to memory of 1612	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	102
PID 2208 wrote to memory of 3976	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	103
PID 2208 wrote to memory of 3976	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	103
PID 2208 wrote to memory of 3976	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	103
PID 1264 wrote to memory of 1584	1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	104
PID 1264 wrote to memory of 1584	1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	104
PID 1264 wrote to memory of 1584	1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	104
PID 1572 wrote to memory of 3532	1572	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	106
PID 1572 wrote to memory of 3532	1572	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	106
PID 1572 wrote to memory of 3532	1572	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	106
PID 4032 wrote to memory of 2876	4032	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	105
PID 4032 wrote to memory of 2876	4032	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	105
PID 4032 wrote to memory of 2876	4032	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	105
PID 4792 wrote to memory of 404	4792	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	107
PID 4792 wrote to memory of 404	4792	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	107
PID 4792 wrote to memory of 404	4792	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	107
PID 1732 wrote to memory of 1336	1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	108
PID 1732 wrote to memory of 1336	1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	108
PID 1732 wrote to memory of 1336	1732	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	108
PID 2716 wrote to memory of 948	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	109
PID 2716 wrote to memory of 948	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	109
PID 2716 wrote to memory of 948	2716	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	109
PID 2208 wrote to memory of 4432	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	110
PID 2208 wrote to memory of 4432	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	110
PID 2208 wrote to memory of 4432	2208	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	110
PID 2564 wrote to memory of 748	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	111
PID 2564 wrote to memory of 748	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	111
PID 2564 wrote to memory of 748	2564	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	111
PID 3120 wrote to memory of 1932	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	112
PID 3120 wrote to memory of 1932	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	112
PID 3120 wrote to memory of 1932	3120	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	112
PID 1264 wrote to memory of 3676	1264	e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe	113

C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13592
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13276
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13448
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13440
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:1840
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:14768
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:10412
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:13048
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      Checks computer location settings
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        7⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:376
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13400
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13656
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13472
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13212
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13064
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13520
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:9392
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:13456
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        6⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13584
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13384
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13576
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:5044
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:14076
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:10336
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:13024
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
        5⤵
        
        PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:11540
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:16896
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:11716
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13844
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:11108
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:13260
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
      4⤵
      PID:13072
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:8020
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:13544
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  PID:5748
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:10556
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:13300
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  PID:8072
- - C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
    3⤵
    PID:13684
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  PID:10324
- C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\e97a8615e0d5ff74d21d9d79b7e1d2c0_NEIKI.exe"
  2⤵
  PID:13344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian voyeur .zip.exe

Filesize
134KB

MD5
a9fec7e8347735a59a007c5648fa448a

SHA1
fb4d435eb4164dc657a7e538930f6e09c599b7df

SHA256
a514a171a8e8bbbc1a7058ccadd7611357af23b09d84e43d3358f1dd1a146f71

SHA512
f57df102408d8fd502a13b8cae776f8230edb8dd58d4ea99b871ed4b5a2fc2a0063638ea53631105140c3daaf364b9a91be1dca679b19087b2627e000b0c3cf1

Download Submit
memory/404-215-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/548-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/748-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/760-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/760-214-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/948-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/948-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1264-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1264-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1336-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1336-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1572-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1584-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1584-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1612-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1732-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1732-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1932-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2028-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2208-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2248-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2564-25-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2652-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2652-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2716-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2716-160-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2876-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3028-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3120-467-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3120-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3120-304-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3120-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3120-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3212-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3212-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3312-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3532-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3532-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3676-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3676-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3976-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4032-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4032-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4240-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4432-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4432-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4792-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4792-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4848-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5128-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5328-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5344-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5428-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5428-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5472-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5472-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5480-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5480-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5524-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5600-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5600-254-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5612-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5624-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5636-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5636-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5644-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5652-295-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5660-269-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5668-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5676-268-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5684-274-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5692-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5700-251-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5700-283-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5708-253-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5708-289-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5716-291-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5724-290-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5732-292-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5740-293-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5748-294-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5828-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5828-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6224-288-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6224-252-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6476-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6528-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6688-270-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6696-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6704-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6756-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6796-271-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6856-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6908-279-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6916-280-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6984-284-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7040-285-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7088-286-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7096-287-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download