d21f40e7da3863ebdaa474f3194c276e16d92ac56e1fc1a6e7e68552b1161c05

Analysis

max time kernel
12s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Size

1.1MB
MD5

3984aa3180c13d403e1da77191b94d10
SHA1

044674e40b8c06ca0c27dbba49589935fd438a9b
SHA256

d21f40e7da3863ebdaa474f3194c276e16d92ac56e1fc1a6e7e68552b1161c05
SHA512

348b3cfd627cf03f329c845fef9f25493be645c87f74ef0ae07b64bd5adbf0c011c79b389f68fdf230c6e878edad987d648603ea45676644c64b42278eff6178
SSDEEP

24576:t2fxt9v6gKJF4MEhSDhUGm3yyxfJSswrEqwJ3UfOej1NWntr0Mo:QZt3MEhQhXmpxhSswrH3OepNWndno

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3672-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x000a000000023b8a-5.dat	upx
behavioral2/memory/1340-57-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/548-158-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3944-159-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1496-180-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/824-185-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5048-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2936-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1308-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4852-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3672-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1340-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4600-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/548-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/456-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1496-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2436-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/644-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/824-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5048-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3672-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2936-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3028-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1308-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4852-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1700-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4600-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/456-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1856-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2612-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5188-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/644-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3180-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1592-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4224-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3036-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5380-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1776-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5188-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2612-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2548-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5624-232-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5312-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5600-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5272-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2204-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3440-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5324-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5672-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5244-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5380-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5592-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5576-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6376-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5564-239-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5608-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5584-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5552-238-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6504-248-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6452-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6420-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6412-245-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6884-259-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\W:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\A:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\E:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\M:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\P:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\Q:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\G:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\I:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\R:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\T:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\Z:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\H:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\J:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\L:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\O:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\Y:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\X:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\B:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\K:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\N:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\S:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File opened (read-only)	\??\U:	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish action xxx sleeping hole gorgeoushorny .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian horse horse [bangbus] titts ejaculation .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian beastiality bukkake public feet .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian kicking beast lesbian titts bondage .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian horse [milf] cock .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\trambling licking granny .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling uncut titts .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\bukkake licking .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian action fucking [bangbus] Œã (Christine,Karin).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse catfight cock wifey .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black handjob beast catfight glans ejaculation (Sylvia).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian fetish blowjob licking 50+ .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lesbian sleeping glans fishy (Jade).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beast public hairy .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake several models (Curtney).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx licking castration .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american fetish bukkake [milf] hairy (Christine,Jade).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese gay voyeur hairy (Jenna,Jade).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\dotnet\shared\indian beastiality blowjob lesbian hairy .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american cumshot lingerie full movie shoes .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american cum fucking [milf] penetration .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx masturbation .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie masturbation traffic .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Templates\sperm masturbation glans ash (Sarah).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black action horse sleeping glans (Kathrin,Curtney).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish fetish horse uncut hole .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\russian action xxx [bangbus] high heels .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian animal lesbian masturbation glans granny .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\japanese fetish trambling [milf] latex .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\african sperm [bangbus] hole shower (Sarah).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\russian nude bukkake hot (!) 40+ .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\malaysia bukkake big glans mistress .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\asian hardcore hot (!) cock black hairunshaved .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\cumshot xxx full movie young .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american action fucking uncut cock (Britney,Karin).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\PLA\Templates\tyrkish porn bukkake girls fishy .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\danish cum lingerie uncut beautyfull (Sandy,Tatjana).mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\handjob lingerie [bangbus] glans lady (Karin).avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\french sperm sleeping feet .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\horse trambling licking leather (Gina,Karin).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\action horse hidden castration (Sonja,Sylvia).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\chinese hardcore hidden glans beautyfull .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish beastiality horse full movie cock wifey .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\asian sperm [free] hole .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\tyrkish porn blowjob full movie glans (Christine,Liz).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\african beast big (Sarah).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\chinese horse licking cock lady (Liz).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\InputMethod\SHARED\xxx girls cock .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese handjob lingerie girls cock .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\sperm full movie glans shoes .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese nude lesbian big .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\bukkake masturbation .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\blowjob girls .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\canadian xxx licking hole .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\CbsTemp\gay hidden pregnant .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\horse catfight hotel (Sonja,Karin).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\german trambling catfight glans 50+ (Sylvia).mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\danish porn lesbian lesbian glans 50+ .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\brasilian gang bang hardcore several models fishy .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\norwegian gay public blondie .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\danish nude hardcore [bangbus] cock .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\chinese horse lesbian .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\blowjob masturbation .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\black handjob beast full movie (Liz).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\black fetish bukkake full movie leather .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\black handjob horse big mistress .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian handjob gay girls beautyfull .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\french fucking girls leather .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\gang bang lingerie [milf] .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\spanish blowjob sleeping stockings .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\beast uncut hole .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian hardcore licking girly .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish porn trambling [milf] titts 50+ .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\japanese handjob fucking catfight titts .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\spanish gay [milf] (Samantha).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\kicking xxx masturbation YEâPSè& .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cumshot hardcore [free] penetration .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\Downloaded Program Files\lingerie hidden glans gorgeoushorny .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish cum sperm licking hole upskirt (Liz).rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\tyrkish animal sperm sleeping glans bedroom .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\french horse sleeping hole leather .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\asian gay catfight feet castration (Jade).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\spanish xxx [free] .mpg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\african gay big high heels .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\african bukkake sleeping granny (Gina,Karin).zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\assembly\tmp\italian cum sperm [bangbus] .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\nude sperm voyeur sweet .avi.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\trambling public .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\american animal beast several models titts .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\asian blowjob masturbation .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\brasilian cumshot trambling several models feet .rar.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian cumshot lingerie [free] ash .mpeg.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian animal hardcore public shoes .zip.exe	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
5048	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
5048	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
824	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
824	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2936	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2936	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3028	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3028	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1308	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1308	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
4852	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
4852	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1700	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1700	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1856	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1856	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
4600	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
4600	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
5048	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
5048	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
456	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
456	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2436	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2436	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
824	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
824	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2936	3984aa3180c13d403e1da77191b94d10_NEIKI.exe
2936	3984aa3180c13d403e1da77191b94d10_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 1340	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	86
PID 3672 wrote to memory of 1340	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	86
PID 3672 wrote to memory of 1340	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	86
PID 1340 wrote to memory of 548	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	89
PID 1340 wrote to memory of 548	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	89
PID 1340 wrote to memory of 548	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	89
PID 3672 wrote to memory of 3944	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	90
PID 3672 wrote to memory of 3944	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	90
PID 3672 wrote to memory of 3944	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	90
PID 1340 wrote to memory of 1496	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	93
PID 1340 wrote to memory of 1496	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	93
PID 1340 wrote to memory of 1496	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	93
PID 3672 wrote to memory of 824	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	94
PID 3672 wrote to memory of 824	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	94
PID 3672 wrote to memory of 824	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	94
PID 548 wrote to memory of 5048	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	95
PID 548 wrote to memory of 5048	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	95
PID 548 wrote to memory of 5048	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	95
PID 3944 wrote to memory of 2936	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	96
PID 3944 wrote to memory of 2936	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	96
PID 3944 wrote to memory of 2936	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	96
PID 1340 wrote to memory of 3028	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	98
PID 1340 wrote to memory of 3028	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	98
PID 1340 wrote to memory of 3028	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	98
PID 3672 wrote to memory of 1308	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	99
PID 3672 wrote to memory of 1308	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	99
PID 3672 wrote to memory of 1308	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	99
PID 548 wrote to memory of 4852	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	100
PID 548 wrote to memory of 4852	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	100
PID 548 wrote to memory of 4852	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	100
PID 3944 wrote to memory of 1700	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	101
PID 3944 wrote to memory of 1700	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	101
PID 3944 wrote to memory of 1700	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	101
PID 1496 wrote to memory of 1856	1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	102
PID 1496 wrote to memory of 1856	1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	102
PID 1496 wrote to memory of 1856	1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	102
PID 5048 wrote to memory of 4600	5048	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	103
PID 5048 wrote to memory of 4600	5048	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	103
PID 5048 wrote to memory of 4600	5048	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	103
PID 824 wrote to memory of 456	824	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	104
PID 824 wrote to memory of 456	824	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	104
PID 824 wrote to memory of 456	824	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	104
PID 2936 wrote to memory of 2436	2936	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	105
PID 2936 wrote to memory of 2436	2936	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	105
PID 2936 wrote to memory of 2436	2936	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	105
PID 1340 wrote to memory of 644	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	107
PID 1340 wrote to memory of 644	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	107
PID 1340 wrote to memory of 644	1340	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	107
PID 3672 wrote to memory of 3180	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	108
PID 3672 wrote to memory of 3180	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	108
PID 3672 wrote to memory of 3180	3672	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	108
PID 548 wrote to memory of 4224	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	109
PID 548 wrote to memory of 4224	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	109
PID 548 wrote to memory of 4224	548	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	109
PID 1308 wrote to memory of 1592	1308	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	110
PID 1308 wrote to memory of 1592	1308	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	110
PID 1308 wrote to memory of 1592	1308	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	110
PID 1496 wrote to memory of 3036	1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	111
PID 1496 wrote to memory of 3036	1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	111
PID 1496 wrote to memory of 3036	1496	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	111
PID 3944 wrote to memory of 1776	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	112
PID 3944 wrote to memory of 1776	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	112
PID 3944 wrote to memory of 1776	3944	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	112
PID 3028 wrote to memory of 3440	3028	3984aa3180c13d403e1da77191b94d10_NEIKI.exe	113

C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1340
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        8⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16000
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16684
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:17160
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16592
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16724
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15788
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15908
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16708
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16892
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:12416
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:15720
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3944
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        7⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16112
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16916
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12872
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15868
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15820
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16360
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14768
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:12424
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:3152
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:824
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16584
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16024
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:924
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16464
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15940
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:12504
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:16560
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        6⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:19016
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12400
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
        5⤵
        
        PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15748
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16068
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:16844
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:12408
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:16544
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15852
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:15972
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:17752
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:1404
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:16656
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:5664
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:12296
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:16552
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:6796
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:12552
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:16432
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:8664
- - C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
    3⤵
    PID:16924
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:12472
- C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\3984aa3180c13d403e1da77191b94d10_NEIKI.exe"
  2⤵
  PID:16600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx licking castration .mpeg.exe

Filesize
2.1MB

MD5
4fcba8d52d1294b78b511f173325934f

SHA1
e0a9d4d35e4e6ce654660b41078d915d89bd3833

SHA256
1c7d3bec3b8bc470ef65753f3af97c42b5be3f9cc0701eb10d7536a29278dd1c

SHA512
9c4007e2518c3301cdccab7fc7ae3f76160891e5af34be7c579821e6b82a34d80fcd96954af3116758eb84fc824ffbf3ebed88651ec46ca6a51e64c3ce4f6959

Download Submit
memory/456-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/456-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/548-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/548-158-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/644-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/644-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/824-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/824-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1308-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1308-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1340-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1340-57-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1496-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1496-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1592-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1700-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1776-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1856-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2204-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2436-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2548-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2612-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2612-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3028-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3036-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3180-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3440-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3672-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3672-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3672-441-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3672-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3672-289-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3944-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4224-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4600-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4600-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4852-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4852-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5048-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5048-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5188-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5188-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5244-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5272-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5312-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5324-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5380-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5380-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5552-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5564-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5576-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5584-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5592-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5600-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5600-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5608-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5616-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5624-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5624-232-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5632-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5640-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5648-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5656-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5664-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5672-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5672-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5680-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6304-281-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6352-285-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6376-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6376-290-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6412-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6420-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6452-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6504-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6536-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6636-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6660-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6780-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6788-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6796-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6836-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6844-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6852-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6868-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6876-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6884-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7284-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7568-282-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7576-283-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7584-284-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7664-286-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7672-287-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7680-291-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7688-288-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7824-292-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7836-293-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download