13eb1a580652608946fe646f3b1522a35188d16a9e3fe22f3b02f419879cf3ce

Analysis

max time kernel
15s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Size

1.6MB
MD5

9bb5d670b6b9fb12149d7cf37718fcb0
SHA1

806cfd06938bf6450c0adf9547f20517dbc38579
SHA256

13eb1a580652608946fe646f3b1522a35188d16a9e3fe22f3b02f419879cf3ce
SHA512

6913fcc4400537f969e57ce412fb5262e6d739b73be6b07ba876f332ac62ac5bd5f2c2c78a592b9468b7df9cab5c6c923cde16ddb82c1c924c73afc0a1ed51f6
SSDEEP

24576:t2XqxreVdAN65dycKIJRwBeADNCu+s8FIlNil6ubDhrjxMF406hKmJHzKMpJMy9e:QXq3cTUNtj8KlEgCVjCFxsHzHBm8KT

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1228-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x000700000002342e-5.dat	upx
behavioral2/memory/4132-35-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2172-157-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2252-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2492-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2472-185-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/944-186-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5044-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4172-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4668-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1228-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2536-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4132-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1168-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2172-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2252-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3892-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2944-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2472-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2808-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1228-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2492-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5100-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2400-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4952-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2708-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1220-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/944-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4168-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5044-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4172-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2536-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1168-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1752-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2704-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4924-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2808-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5164-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1444-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1212-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2400-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2708-232-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5320-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5312-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5264-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5256-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5240-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5232-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5216-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4952-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5296-238-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5248-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5344-236-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5336-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4168-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5328-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/908-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6136-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6124-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4312-239-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2652-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5500-248-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4924-249-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\G:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\H:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\P:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\Y:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\E:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\J:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\L:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\M:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\O:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\S:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\W:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\K:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\Q:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\R:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\T:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\U:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\V:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\X:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\B:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\I:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\N:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File opened (read-only)	\??\Z:	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse gay [milf] glans wifey (Janette).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian handjob animal hidden stockings .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian porn lesbian gorgeoushorny .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish gang bang licking legs .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian kicking masturbation bondage .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fetish masturbation vagina girly .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish kicking handjob public (Liz,Gina).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\kicking porn full movie legs boots .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\malaysia handjob licking cock (Sonja).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian bukkake gay big .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\System32\DriverStore\Temp\norwegian blowjob cum [bangbus] ash fishy .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm voyeur feet .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\hardcore hardcore licking wifey .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\british lingerie catfight glans girly .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\spanish action [milf] swallow (Sarah).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Google\Temp\canadian animal fucking public bondage .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese gang bang hot (!) traffic .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\malaysia gay beastiality catfight titts .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\beastiality sleeping redhair .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\Temp\norwegian xxx public (Sonja,Britney).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\asian lesbian lingerie big cock .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\african trambling horse big .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\horse catfight leather .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx cum uncut YEâPSè& .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\african bukkake public vagina hairy (Tatjana,Samantha).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian blowjob sperm voyeur feet (Jenna,Ashley).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\action masturbation 50+ (Sarah,Liz).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\Download\canadian beastiality handjob catfight (Sonja,Sonja).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\handjob catfight .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian horse lesbian boobs YEâPSè& .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\russian beast [bangbus] legs .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\danish nude fucking [milf] YEâPSè& .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\italian lingerie masturbation boobs latex .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\beastiality beastiality several models feet boots (Gina,Kathrin).mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\canadian porn several models (Sonja,Curtney).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\bukkake lesbian .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\japanese lesbian bukkake [free] balls .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cumshot handjob [milf] Ôï .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\tyrkish fucking cumshot hidden .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\action bukkake [free] mature .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\tyrkish horse licking .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fetish blowjob masturbation boobs .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\black animal full movie ash upskirt .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\gay bukkake [milf] .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\sperm several models boots (Britney,Gina).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\beastiality masturbation .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\brasilian horse hidden femdom (Jade,Britney).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\security\templates\fucking public feet .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\russian action hidden titts .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\PLA\Templates\danish nude [bangbus] (Ashley).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\trambling fetish lesbian pregnant .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\hardcore [bangbus] .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SoftwareDistribution\Download\british horse beast [milf] leather .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\british animal full movie femdom .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\spanish gang bang public (Jade,Melissa).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\french horse hidden .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black fetish full movie .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\gang bang girls .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\russian gay cum sleeping granny .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\mssrv.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\Downloaded Program Files\lesbian horse hidden 40+ .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese cumshot trambling [free] .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\black trambling animal [milf] femdom .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\malaysia action lesbian masturbation nipples ejaculation .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\kicking horse full movie .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\kicking licking stockings (Ashley,Kathrin).mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\lingerie beast voyeur .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\spanish kicking horse licking granny .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\InputMethod\SHARED\animal hidden .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\russian trambling several models (Sarah,Jenna).mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\trambling cumshot public .mpeg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\french cum girls circumcision .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\gay lingerie uncut (Sylvia).avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\italian cumshot blowjob public mistress .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\bukkake licking (Ashley,Anniston).avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\norwegian fetish horse masturbation beautyfull .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian lesbian animal [milf] legs young .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\fetish kicking public .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\lingerie licking bedroom .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\norwegian sperm hot (!) vagina mistress (Sylvia).mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\norwegian kicking full movie high heels (Gina,Gina).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\german beastiality horse hidden ash .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\porn action voyeur boobs sm (Sonja).avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\handjob catfight ash (Anniston,Gina).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\trambling voyeur wifey (Christine,Sonja).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\horse horse sleeping .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\cum lesbian public boots .mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\gay big .zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\beast lingerie big boobs bedroom .rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\temp\cumshot trambling licking ejaculation .avi.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black blowjob lesbian (Tatjana,Janette).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cum animal lesbian (Gina).rar.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\fucking action public bondage (Melissa,Jenna).zip.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\spanish gay licking hole (Tatjana).mpg.exe	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2492	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2492	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
5100	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
5100	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1220	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1220	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
5044	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
5044	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4668	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4668	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2536	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2536	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1168	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
1168	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
3892	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
3892	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2492	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2492	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
5100	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
5100	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2808	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
2808	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 4132	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	85
PID 1228 wrote to memory of 4132	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	85
PID 1228 wrote to memory of 4132	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	85
PID 4132 wrote to memory of 2172	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	90
PID 4132 wrote to memory of 2172	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	90
PID 4132 wrote to memory of 2172	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	90
PID 1228 wrote to memory of 2252	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	91
PID 1228 wrote to memory of 2252	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	91
PID 1228 wrote to memory of 2252	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	91
PID 2252 wrote to memory of 2944	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	92
PID 2252 wrote to memory of 2944	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	92
PID 2252 wrote to memory of 2944	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	92
PID 1228 wrote to memory of 2492	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	93
PID 1228 wrote to memory of 2492	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	93
PID 1228 wrote to memory of 2492	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	93
PID 4132 wrote to memory of 2472	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	94
PID 4132 wrote to memory of 2472	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	94
PID 4132 wrote to memory of 2472	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	94
PID 2172 wrote to memory of 5100	2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	95
PID 2172 wrote to memory of 5100	2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	95
PID 2172 wrote to memory of 5100	2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	95
PID 2252 wrote to memory of 944	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	97
PID 2252 wrote to memory of 944	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	97
PID 2252 wrote to memory of 944	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	97
PID 1228 wrote to memory of 1220	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	98
PID 1228 wrote to memory of 1220	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	98
PID 1228 wrote to memory of 1220	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	98
PID 4132 wrote to memory of 4172	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	99
PID 4132 wrote to memory of 4172	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	99
PID 4132 wrote to memory of 4172	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	99
PID 2944 wrote to memory of 5044	2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	100
PID 2944 wrote to memory of 5044	2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	100
PID 2944 wrote to memory of 5044	2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	100
PID 2472 wrote to memory of 4668	2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	101
PID 2472 wrote to memory of 4668	2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	101
PID 2472 wrote to memory of 4668	2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	101
PID 2172 wrote to memory of 2536	2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	102
PID 2172 wrote to memory of 2536	2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	102
PID 2172 wrote to memory of 2536	2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	102
PID 2492 wrote to memory of 1168	2492	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	103
PID 2492 wrote to memory of 1168	2492	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	103
PID 2492 wrote to memory of 1168	2492	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	103
PID 5100 wrote to memory of 3892	5100	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	104
PID 5100 wrote to memory of 3892	5100	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	104
PID 5100 wrote to memory of 3892	5100	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	104
PID 2252 wrote to memory of 2808	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	105
PID 2252 wrote to memory of 2808	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	105
PID 2252 wrote to memory of 2808	2252	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	105
PID 944 wrote to memory of 1444	944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	106
PID 944 wrote to memory of 1444	944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	106
PID 944 wrote to memory of 1444	944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	106
PID 1228 wrote to memory of 2400	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	108
PID 1228 wrote to memory of 2400	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	108
PID 1228 wrote to memory of 2400	1228	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	108
PID 4132 wrote to memory of 4952	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	109
PID 4132 wrote to memory of 4952	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	109
PID 4132 wrote to memory of 4952	4132	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	109
PID 2472 wrote to memory of 2708	2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	110
PID 2472 wrote to memory of 2708	2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	110
PID 2472 wrote to memory of 2708	2472	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	110
PID 2944 wrote to memory of 4168	2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	111
PID 2944 wrote to memory of 4168	2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	111
PID 2944 wrote to memory of 4168	2944	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	111
PID 2172 wrote to memory of 4312	2172	9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe	112

C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4132
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        9⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:21396
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:21324
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:24400
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:21388
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:19668
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:19868
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:19488
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:21356
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:21420
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19168
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19324
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:21304
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:21380
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:21332
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:20284
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:23320
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:23992
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:21040
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19480
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21436
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:24392
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19152
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:20788
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:19004
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:20428
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19660
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:19440
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:18640
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18900
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18768
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:20420
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21404
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:23984
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18648
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21340
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19776
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:20664
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:24368
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:18932
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:18636
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19512
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21348
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18716
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:20892
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19160
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19652
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:18892
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19636
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18680
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:21292
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:20576
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:19332
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:20304
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:19760
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:8776
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:17468
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:14928
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:21428
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        8⤵
        
        PID:24560
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:18868
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:20520
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:24004
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:20384
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18748
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19496
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21316
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19752
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:23808
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:13032
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:18884
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19504
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21916
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18676
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:24568
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:20352
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:24012
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:23784
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:4992
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18956
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18692
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:18756
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:20364
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:21364
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:20392
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:20124
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15700
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:14856
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:18940
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18948
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:19464
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:21372
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:21284
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18916
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:24376
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:19348
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:20436
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:21732
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:19472
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:24360
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:20772
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:18908
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:19836
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:17916
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:15440
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:21048
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        6⤵
        
        PID:19964
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:20444
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:18708
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:18732
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:23344
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:2636
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:24384
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14976
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:20116
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:8708
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:316
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:14728
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:18988
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:20400
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:21412
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:11076
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:15048
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:17864
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:5328
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:18592
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
      "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
      4⤵
      PID:14696
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:15088
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:3560
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:6608
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:13104
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:14748
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:18972
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:8816
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:11560
- - C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
    3⤵
    PID:16400
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:14880
- C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\9bb5d670b6b9fb12149d7cf37718fcb0_NEIKI.exe"
  2⤵
  PID:18964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese gang bang hot (!) traffic .mpg.exe

Filesize
1.7MB

MD5
d44004073f5e877219550f12c9c5d764

SHA1
ad765b7acbd4d70d553606ec4f206a971f065488

SHA256
2171769c11dbc36f2e2ed567e8abba7ec3df223863653cf43a5faad0d94a5c00

SHA512
17bf70ebee446ff3aa890f48e372fbbc99e31ebc0ad0e29a88ac301990eea660266104c2f78d7008cc770a6e1411bb11712e952ac7188e059df2bf64294a0bc0

Download Submit
C:\debug.txt

Filesize
146B

MD5
8289674bb5643ffe8a5a80539adaa865

SHA1
bff55b37e48eeae9834ba0d132ba275cf2ccf92b

SHA256
87d31162cbc4a1908501e651739e9db9b0331fbd35cd2f567a0858aab02f4636

SHA512
6d6b8b8f1c3cd8e3df61e91b6b648935e961fd30cd4a35f87ce704ecbf913c3a8baef106fbabbb0ee63e8a88373ff489684a77fae36d6bae6c42ba0f4e5a3d0e

Download Submit
memory/784-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/908-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/944-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/944-186-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1168-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1168-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1212-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1220-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-519-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-342-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1228-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1444-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1752-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1752-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2172-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2172-157-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2204-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2252-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2252-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2400-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2400-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2492-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2492-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2536-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2536-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2652-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2704-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2708-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2708-232-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2808-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2808-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2944-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3324-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3892-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4132-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4132-35-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4168-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4168-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4172-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4172-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4312-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4668-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4924-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4924-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4952-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4952-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5044-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5044-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5100-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5164-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5164-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5196-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5216-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5216-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5232-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5232-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5240-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5240-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5248-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5248-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5256-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5256-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5264-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5264-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5272-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5280-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5288-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5296-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5296-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5304-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5312-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5312-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5320-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5320-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5328-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5328-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5336-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5336-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5344-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5344-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5500-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6124-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6124-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6136-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6136-280-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6216-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6224-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6232-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6240-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6248-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6272-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6360-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6648-281-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6656-282-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6664-283-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download