3d7149f52199ee55e600db8df94cade868e42e342c22a2856fb459af3011982d

Analysis

max time kernel
12s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 08:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21c81e5746ea3309566e02bf40819770_NEIKI.exe
Size

1.5MB
MD5

21c81e5746ea3309566e02bf40819770
SHA1

7b62adb6d3caf91fd3353242525642705cf66bcd
SHA256

3d7149f52199ee55e600db8df94cade868e42e342c22a2856fb459af3011982d
SHA512

2bd67e441f97d56c90096c54d6e0c2f75339b97731ad327c5c3a3b5bec3292ebe45d121ae2d3e3084dbf6f2d88386eae16b4dd92c907c769fc46823235f6e1db
SSDEEP

49152:+vVJy/eVDygMhORnXqNsBeagjqElKla7c52nGxWEBY6g:+/Ryg+OlC6e6sKlCc5CCg

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4660-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x000b000000023b82-5.dat	upx
behavioral2/memory/912-25-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1740-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4388-183-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3324-185-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1148-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4660-186-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/748-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/912-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4088-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4664-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3780-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1628-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2200-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2672-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1488-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4136-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3020-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4660-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2784-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4388-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/656-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3200-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/704-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2680-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2632-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4088-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3780-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3444-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3344-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2512-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2656-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4664-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3744-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5308-220-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5292-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1488-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2672-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5316-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5276-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1944-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/656-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5300-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5340-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5332-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5036-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2784-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3532-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2680-238-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2632-239-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2656-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6212-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2892-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5248-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5520-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1956-236-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/704-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6172-248-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6232-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5396-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3440-245-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2512-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6244-250-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\V:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\Z:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\A:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\I:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\P:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\Q:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\T:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\W:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\Y:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\B:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\H:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\L:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\N:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\R:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\X:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\E:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\J:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\K:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\O:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\G:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\M:	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File opened (read-only)	\??\U:	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\asian horse hardcore girls fishy .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\malaysia handjob xxx [milf] (Samantha,Janette).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\horse hidden vagina (Anniston,Christine).mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse [free] lady (Liz).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gang bang voyeur (Samantha,Sylvia).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob xxx girls titts redhair .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\porn handjob [milf] boots .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish gay several models sweet .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish beastiality uncut shoes .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\danish animal several models glans traffic .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian cumshot uncut 50+ .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese horse lesbian vagina 40+ (Karin,Britney).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\african bukkake horse uncut boobs .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian cumshot several models granny .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\cum cumshot full movie nipples 50+ .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\lingerie beastiality several models nipples latex .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\handjob [milf] ¼ë .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\nude cumshot sleeping glans swallow (Melissa,Sarah).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Templates\african beastiality bukkake lesbian nipples shower .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian cum girls boobs (Sarah).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish beastiality porn catfight .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\american sperm animal big (Christine).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\horse gang bang sleeping balls .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\cum lesbian full movie .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish horse porn full movie YEâPSè& .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\asian fucking [milf] cock upskirt .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\french handjob fucking girls black hairunshaved .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian beastiality licking pregnant (Jenna).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse gay big .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\horse trambling [free] mistress .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\swedish horse fucking licking .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian bukkake masturbation .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\malaysia handjob [bangbus] high heels .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\cumshot girls 40+ .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\malaysia animal kicking sleeping .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black handjob sleeping YEâPSè& (Samantha,Tatjana).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\lingerie handjob full movie ejaculation .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\handjob nude public .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\horse bukkake full movie (Jade,Christine).zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american gang bang fucking uncut girly .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\fetish [bangbus] glans .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\bukkake blowjob several models .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\fucking [free] feet .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\italian beast voyeur legs bedroom .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\russian trambling horse big .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french action lesbian big sm .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\canadian lesbian xxx hidden vagina wifey (Melissa).avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black horse lesbian public .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\kicking full movie circumcision .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\brasilian kicking [milf] traffic .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\xxx sperm voyeur titts (Britney).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\blowjob several models upskirt .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\lingerie nude full movie castration .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\british beastiality kicking masturbation vagina .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\japanese gay several models .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\hardcore sperm sleeping vagina mistress .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\japanese gay [milf] .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\CbsTemp\norwegian bukkake voyeur granny .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\cumshot sleeping boots (Janette,Melissa).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\mssrv.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\norwegian handjob full movie beautyfull .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\russian nude porn public vagina (Sarah,Gina).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\danish beast blowjob masturbation hole .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\japanese hardcore handjob full movie upskirt (Sonja).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\hardcore action hot (!) (Curtney).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\british porn lesbian lady .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\horse trambling licking (Curtney).mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\french xxx gang bang [free] hairy .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\kicking hot (!) (Christine,Britney).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\beast action hidden .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\brasilian horse full movie boobs .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\Downloaded Program Files\lesbian uncut cock .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\horse trambling hidden .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\french trambling kicking [milf] granny .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\japanese blowjob horse [bangbus] leather .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\italian lingerie fetish several models legs swallow .zip.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\russian sperm horse girls .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\temp\action public titts upskirt .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\action lingerie voyeur boots .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\japanese lingerie nude full movie 50+ .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\xxx porn [bangbus] titts granny .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\american kicking sleeping boobs sm (Christine).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\russian cumshot catfight (Tatjana).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black hardcore hidden boobs stockings .rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\security\templates\tyrkish nude beastiality full movie girly .mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\american cum [free] cock (Christine).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\InputMethod\SHARED\swedish kicking porn girls wifey (Gina).mpeg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\black cumshot hot (!) (Janette,Janette).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fetish cumshot full movie black hairunshaved .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\beast public cock .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\sperm trambling big bondage .avi.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\brasilian hardcore big cock stockings (Melissa,Sylvia).rar.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\asian porn [bangbus] blondie .mpg.exe	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4136	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4136	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4388	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4388	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1148	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1148	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3324	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3324	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
912	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe
2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3200	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3200	21c81e5746ea3309566e02bf40819770_NEIKI.exe
748	21c81e5746ea3309566e02bf40819770_NEIKI.exe
748	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe
1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4088	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4088	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3780	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3780	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4664	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4664	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4136	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4136	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3444	21c81e5746ea3309566e02bf40819770_NEIKI.exe
3444	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4388	21c81e5746ea3309566e02bf40819770_NEIKI.exe
4388	21c81e5746ea3309566e02bf40819770_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 912	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	87
PID 4660 wrote to memory of 912	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	87
PID 4660 wrote to memory of 912	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	87
PID 912 wrote to memory of 1628	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	88
PID 912 wrote to memory of 1628	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	88
PID 912 wrote to memory of 1628	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	88
PID 4660 wrote to memory of 1740	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	89
PID 4660 wrote to memory of 1740	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	89
PID 4660 wrote to memory of 1740	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	89
PID 912 wrote to memory of 2200	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	90
PID 912 wrote to memory of 2200	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	90
PID 912 wrote to memory of 2200	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	90
PID 4660 wrote to memory of 3020	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	91
PID 4660 wrote to memory of 3020	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	91
PID 4660 wrote to memory of 3020	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	91
PID 1740 wrote to memory of 4136	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	92
PID 1740 wrote to memory of 4136	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	92
PID 1740 wrote to memory of 4136	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	92
PID 1628 wrote to memory of 4388	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	93
PID 1628 wrote to memory of 4388	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	93
PID 1628 wrote to memory of 4388	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	93
PID 912 wrote to memory of 1148	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	96
PID 912 wrote to memory of 1148	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	96
PID 912 wrote to memory of 1148	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	96
PID 2200 wrote to memory of 3324	2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe	97
PID 2200 wrote to memory of 3324	2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe	97
PID 2200 wrote to memory of 3324	2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe	97
PID 1628 wrote to memory of 3200	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	98
PID 1628 wrote to memory of 3200	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	98
PID 1628 wrote to memory of 3200	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	98
PID 1740 wrote to memory of 748	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	99
PID 1740 wrote to memory of 748	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	99
PID 1740 wrote to memory of 748	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	99
PID 4660 wrote to memory of 4088	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	100
PID 4660 wrote to memory of 4088	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	100
PID 4660 wrote to memory of 4088	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	100
PID 4136 wrote to memory of 3780	4136	21c81e5746ea3309566e02bf40819770_NEIKI.exe	101
PID 4136 wrote to memory of 3780	4136	21c81e5746ea3309566e02bf40819770_NEIKI.exe	101
PID 4136 wrote to memory of 3780	4136	21c81e5746ea3309566e02bf40819770_NEIKI.exe	101
PID 3020 wrote to memory of 4664	3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe	102
PID 3020 wrote to memory of 4664	3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe	102
PID 3020 wrote to memory of 4664	3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe	102
PID 4388 wrote to memory of 3444	4388	21c81e5746ea3309566e02bf40819770_NEIKI.exe	103
PID 4388 wrote to memory of 3444	4388	21c81e5746ea3309566e02bf40819770_NEIKI.exe	103
PID 4388 wrote to memory of 3444	4388	21c81e5746ea3309566e02bf40819770_NEIKI.exe	103
PID 912 wrote to memory of 3744	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	106
PID 912 wrote to memory of 3744	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	106
PID 912 wrote to memory of 3744	912	21c81e5746ea3309566e02bf40819770_NEIKI.exe	106
PID 2200 wrote to memory of 2672	2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe	107
PID 2200 wrote to memory of 2672	2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe	107
PID 2200 wrote to memory of 2672	2200	21c81e5746ea3309566e02bf40819770_NEIKI.exe	107
PID 1148 wrote to memory of 1488	1148	21c81e5746ea3309566e02bf40819770_NEIKI.exe	108
PID 1148 wrote to memory of 1488	1148	21c81e5746ea3309566e02bf40819770_NEIKI.exe	108
PID 1148 wrote to memory of 1488	1148	21c81e5746ea3309566e02bf40819770_NEIKI.exe	108
PID 1628 wrote to memory of 5036	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	109
PID 1628 wrote to memory of 5036	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	109
PID 1628 wrote to memory of 5036	1628	21c81e5746ea3309566e02bf40819770_NEIKI.exe	109
PID 1740 wrote to memory of 2784	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	110
PID 1740 wrote to memory of 2784	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	110
PID 1740 wrote to memory of 2784	1740	21c81e5746ea3309566e02bf40819770_NEIKI.exe	110
PID 4660 wrote to memory of 656	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	111
PID 4660 wrote to memory of 656	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	111
PID 4660 wrote to memory of 656	4660	21c81e5746ea3309566e02bf40819770_NEIKI.exe	111
PID 3020 wrote to memory of 1944	3020	21c81e5746ea3309566e02bf40819770_NEIKI.exe	112

C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:912
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        9⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:17160
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16992
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16228
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16236
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16880
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16616
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16672
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12788
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16776
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:17944
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12116
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:14824
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16244
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16536
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16276
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12544
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16504
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16496
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12700
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:16252
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        7⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16848
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:13960
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16512
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16552
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:8684
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12092
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:15756
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16824
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:17900
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16624
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12732
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:16784
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:656
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16348
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:17928
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:14720
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:14632
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:5216
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
      4⤵
      PID:16356
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12496
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:16280
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:6620
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:12764
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:16480
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:8728
- - C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
    3⤵
    PID:16648
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:12708
- C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\21c81e5746ea3309566e02bf40819770_NEIKI.exe"
  2⤵
  PID:16268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian cum girls boobs (Sarah).rar.exe

Filesize
292KB

MD5
975fd589b4d5410dd2f97ff9fc08d324

SHA1
70d1b28565644b487c8d3b40b0172609101842f1

SHA256
4f78869a2fdbd0360d6ac25b6c9feba7a185c80af72137cb019ce6e57ade8f1d

SHA512
e91f3bbb903395a0dda53196a0faa206af2b235f04bd074f5326fb366d1b8f08d40321322e05d40497ca1b0905dab8bc22bd608a091746b3b46a29c9fab1ee82

Download Submit
memory/656-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/656-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/704-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/704-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/748-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/912-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/912-25-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1148-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1488-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1488-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1628-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1740-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1944-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1956-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2200-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2512-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2512-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2632-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2632-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2656-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2656-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2672-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2672-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2784-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2784-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2892-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3020-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3200-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3324-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3344-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3344-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3440-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3444-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3532-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3532-286-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3744-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3780-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3780-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4088-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4088-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4136-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4388-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4388-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4660-288-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4660-186-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4660-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4660-446-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4660-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4664-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4664-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5036-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5216-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5228-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5240-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5248-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5252-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5260-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5276-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5276-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5284-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5292-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5292-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5300-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5300-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5308-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5308-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5316-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5316-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5324-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5332-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5332-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5340-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5340-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5348-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5356-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5396-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5520-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5520-289-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6172-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6212-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6232-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6244-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6252-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6344-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6552-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6588-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6604-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6620-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6636-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6644-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6652-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6660-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6696-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7176-287-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7556-290-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7568-291-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7576-292-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download