a2645ff468df5ff29d2716036ebd15861b1aea593e75334525150eaeff192cc5

Analysis

max time kernel
12s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Size

1.9MB
MD5

2e1c055f527a18a1c0327d84c9e113d0
SHA1

179c67b998cc05fe2fecc408a15a1cfcfeb91ba9
SHA256

a2645ff468df5ff29d2716036ebd15861b1aea593e75334525150eaeff192cc5
SHA512

27e69897e007df51d722105fe2165f9ebc0785d5916d674ec497c184403418cd3693fddcf1dd5df0e368dc0146502bf3946f5aa40fbe7670ba7cf926054dd8c5
SSDEEP

49152:jEHurc42B/61tHbvzwFKdMVJus/G2nTUxFgLJN3tGCNx5QMc:jEHgEF4HovzuqkxgrdGK5Hc

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4840-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/files/0x000700000002341a-5.dat	upx
behavioral2/memory/3152-70-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4980-152-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3032-153-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4824-180-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4656-181-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4564-183-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2668-182-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4000-184-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1992-185-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5080-186-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1984-187-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1544-188-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4948-189-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2804-190-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2820-191-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4988-193-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5008-194-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4184-195-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4768-196-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3104-197-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4724-198-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4640-200-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/400-201-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/644-199-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3132-202-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3004-204-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4684-203-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4536-208-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3000-206-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/640-205-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4212-207-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5256-212-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5264-214-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5272-213-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5280-216-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5288-215-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5312-217-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5320-218-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5328-219-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5336-220-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5352-221-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5924-222-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5368-223-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5520-228-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5360-227-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5376-224-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6116-226-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6072-225-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5692-229-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6208-230-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6256-231-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6312-234-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6288-237-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6328-236-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6320-235-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6416-242-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6356-244-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6344-243-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6304-241-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6336-240-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6604-245-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6616-246-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob handjob catfight leather (Sandy,Britney).mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish animal hidden glans (Christine).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black gay action [milf] cock .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian nude [bangbus] .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake girls .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish lesbian lingerie voyeur glans beautyfull (Tatjana).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\handjob action [bangbus] (Sonja).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cumshot horse girls legs black hairunshaved (Tatjana).mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian gay sperm [milf] femdom .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\german fucking masturbation .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian blowjob sperm public leather .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish xxx [free] femdom (Britney,Sylvia).mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\swedish fucking cumshot masturbation beautyfull .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese cum sleeping titts YEâPSè& .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beast [milf] leather .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\indian porn several models castration (Ashley,Sonja).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\italian cumshot nude hidden .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9470.tmp\trambling xxx [bangbus] (Samantha).rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\african fucking uncut (Curtney,Sylvia).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\chinese lingerie sperm sleeping pregnant .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish horse [free] ash (Karin,Jenna).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie cumshot masturbation ,Ó (Ashley).mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\porn beastiality public gorgeoushorny .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\norwegian beast action hot (!) (Samantha).mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\african trambling bukkake several models shower .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\horse action [milf] fishy .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\brasilian xxx [bangbus] .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\xxx kicking uncut .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gay several models .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay nude public ash .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black gay bukkake [free] hole leather (Karin).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\russian action big vagina upskirt .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\canadian cum several models titts femdom .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\horse licking glans blondie .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\danish lesbian public shoes (Jade,Janette).mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french cum masturbation boobs (Kathrin,Jenna).rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\gay fucking licking hairy .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\norwegian cumshot horse lesbian mature (Ashley,Janette).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\italian gay lesbian [milf] .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\chinese kicking animal girls (Christine).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish hardcore hot (!) ash .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gang bang xxx licking 50+ .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\brasilian trambling big hole (Sarah,Anniston).mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\african fucking horse sleeping circumcision .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\japanese blowjob girls gorgeoushorny .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\beast girls glans bondage (Gina).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\canadian xxx lesbian cock .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\tyrkish lesbian catfight balls .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\gang bang big hole .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish action bukkake voyeur gorgeoushorny (Anniston,Sonja).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\trambling full movie stockings .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\chinese beast gang bang [free] .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\canadian lesbian full movie .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\french cum sperm public hotel .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\horse horse big sm .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\indian beastiality action big hairy (Britney).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\chinese hardcore public hole .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african fucking [free] lady (Melissa).mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\african fucking blowjob sleeping .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\porn action several models (Britney,Kathrin).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\american nude licking .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\chinese porn uncut lady .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\hardcore fucking [free] (Sonja).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\tyrkish hardcore cumshot hot (!) boobs .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\tyrkish nude beast catfight YEâPSè& .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\trambling hardcore big stockings .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\brasilian beast [bangbus] castration .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\malaysia fucking [free] legs femdom .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\canadian horse kicking hot (!) titts .zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\black fucking nude [free] boobs Ôï (Christine).avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\canadian sperm voyeur cock (Janette).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\horse hidden .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\canadian animal fucking catfight pregnant (Anniston).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\horse lesbian catfight penetration .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\malaysia action porn licking cock castration (Gina).mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\italian lesbian handjob [free] .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\american beastiality nude licking .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\chinese sperm [free] cock .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\indian trambling public vagina .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\indian hardcore several models .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\xxx girls .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\french beast horse sleeping boots (Liz,Melissa).rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\fucking fetish several models .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\animal xxx hidden ash lady .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian beast kicking several models lady .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\canadian xxx masturbation vagina beautyfull .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\canadian fetish blowjob big black hairunshaved .rar.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\gang bang [milf] feet (Gina,Sonja).mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\fucking trambling hidden gorgeoushorny .avi.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\norwegian blowjob hardcore voyeur (Britney,Sonja).zip.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\action girls 40+ .mpg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\lesbian lingerie licking hotel (Ashley).mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\danish beast [bangbus] ejaculation (Sandy,Anniston).mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore bukkake full movie hole shoes .mpeg.exe	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4656	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4656	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2668	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2668	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4564	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4564	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4000	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4000	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
1992	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
1992	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
5080	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
5080	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
1544	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
1544	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
1984	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
1984	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4948	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4948	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4656	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4656	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2804	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2804	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2820	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2820	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4564	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
4564	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2668	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
2668	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 3152	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	86
PID 4840 wrote to memory of 3152	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	86
PID 4840 wrote to memory of 3152	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	86
PID 4840 wrote to memory of 4980	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	92
PID 4840 wrote to memory of 4980	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	92
PID 4840 wrote to memory of 4980	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	92
PID 3152 wrote to memory of 3032	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	93
PID 3152 wrote to memory of 3032	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	93
PID 3152 wrote to memory of 3032	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	93
PID 4840 wrote to memory of 4824	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	95
PID 4840 wrote to memory of 4824	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	95
PID 4840 wrote to memory of 4824	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	95
PID 3152 wrote to memory of 4656	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	96
PID 3152 wrote to memory of 4656	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	96
PID 3152 wrote to memory of 4656	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	96
PID 4980 wrote to memory of 2668	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	97
PID 4980 wrote to memory of 2668	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	97
PID 4980 wrote to memory of 2668	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	97
PID 3032 wrote to memory of 4564	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	98
PID 3032 wrote to memory of 4564	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	98
PID 3032 wrote to memory of 4564	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	98
PID 4840 wrote to memory of 4000	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	100
PID 4840 wrote to memory of 4000	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	100
PID 4840 wrote to memory of 4000	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	100
PID 3152 wrote to memory of 1992	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	101
PID 3152 wrote to memory of 1992	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	101
PID 3152 wrote to memory of 1992	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	101
PID 4824 wrote to memory of 5080	4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	102
PID 4824 wrote to memory of 5080	4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	102
PID 4824 wrote to memory of 5080	4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	102
PID 4980 wrote to memory of 1984	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	104
PID 4980 wrote to memory of 1984	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	104
PID 4980 wrote to memory of 1984	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	104
PID 3032 wrote to memory of 1544	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	103
PID 3032 wrote to memory of 1544	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	103
PID 3032 wrote to memory of 1544	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	103
PID 4656 wrote to memory of 4948	4656	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	105
PID 4656 wrote to memory of 4948	4656	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	105
PID 4656 wrote to memory of 4948	4656	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	105
PID 2668 wrote to memory of 2804	2668	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	106
PID 2668 wrote to memory of 2804	2668	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	106
PID 2668 wrote to memory of 2804	2668	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	106
PID 4564 wrote to memory of 2820	4564	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	107
PID 4564 wrote to memory of 2820	4564	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	107
PID 4564 wrote to memory of 2820	4564	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	107
PID 4840 wrote to memory of 4988	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	108
PID 4840 wrote to memory of 4988	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	108
PID 4840 wrote to memory of 4988	4840	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	108
PID 3152 wrote to memory of 5008	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	109
PID 3152 wrote to memory of 5008	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	109
PID 3152 wrote to memory of 5008	3152	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	109
PID 4000 wrote to memory of 4184	4000	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	110
PID 4000 wrote to memory of 4184	4000	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	110
PID 4000 wrote to memory of 4184	4000	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	110
PID 4824 wrote to memory of 4768	4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	111
PID 4824 wrote to memory of 4768	4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	111
PID 4824 wrote to memory of 4768	4824	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	111
PID 4980 wrote to memory of 3104	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	112
PID 4980 wrote to memory of 3104	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	112
PID 4980 wrote to memory of 3104	4980	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	112
PID 3032 wrote to memory of 4724	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	113
PID 3032 wrote to memory of 4724	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	113
PID 3032 wrote to memory of 4724	3032	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	113
PID 1992 wrote to memory of 644	1992	2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3152
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        9⤵
        
        PID:23608
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:20800
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:22232
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        9⤵
        
        PID:23584
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:21324
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:22784
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:20496
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19668
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19624
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:23524
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:22192
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:24316
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21856
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22216
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22104
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22200
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22812
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21952
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19512
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22112
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:19504
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:22796
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20812
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:22876
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22068
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19812
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22152
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21036
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:23576
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21960
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22084
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22120
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22168
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:13936
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21240
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22176
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:24424
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:22828
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20980
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:23592
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:22076
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:1536
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:20836
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:7284
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:11476
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:15140
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:21852
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4980
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        8⤵
        
        PID:23540
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:23532
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:23548
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22732
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:23508
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20728
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:23644
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20852
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15768
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        7⤵
        
        PID:23660
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20568
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18448
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22092
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22804
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22160
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:22208
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20860
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:23600
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:21568
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:21332
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:20820
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5424
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:11380
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:16460
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:22820
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4824
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21512
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22780
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19452
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21708
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:23348
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:23032
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20828
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:17984
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:14008
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:20844
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:19520
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:7676
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:11656
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:15256
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:21236
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        6⤵
        
        PID:23652
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21500
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:22184
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
        5⤵
        
        PID:23616
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:22224
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:24020
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:8108
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:11344
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:15132
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:14056
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  PID:4988
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:21296
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:24396
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:11444
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:16420
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:23516
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  PID:5376
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
      4⤵
      PID:13924
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:11856
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  PID:6928
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:5032
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:24484
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  PID:8636
- - C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
    3⤵
    PID:15048
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  PID:11624
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  PID:16444
- C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2e1c055f527a18a1c0327d84c9e113d0_NeikiAnalytics.exe"
  2⤵
  PID:23040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black gay bukkake [free] hole leather (Karin).zip.exe

Filesize
1.7MB

MD5
4465c9e2aa35f76921ceccae9cd47c17

SHA1
c1e020c2db878ef1b481698f9bfc703ad42e24a6

SHA256
cc493c96141e98ca18f8ac757f5db21f7541b03c70b75d9ea1551183baa60e31

SHA512
e95dad4bde71b0dcdbd950169220514a9981a9b2f63345e757b0e57dc0d200e61c46fe4d6d6cf73d40e5d200c2e6df4ba02fe33c26bfaf7b269f36a0b4b30a7a

Download Submit
C:\debug.txt

Filesize
146B

MD5
6818737d0d81e9429609c8b1deaf0b69

SHA1
c065076bcb492b822e0699eb8e7648aba5f6f773

SHA256
e676829f9603c49606060f5625e4583232c7f6dee706ea64eeccaaaed2618827

SHA512
1ff8362ebdd333bd8ca46327bdb71916196f6a44276773f0eef9d7d6ee6b850a4c028cc2f8661712be63aeb12b51979e1fb107c49a6470db636ec668bdc36cfe

Download Submit
memory/400-201-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/640-205-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/644-199-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1544-188-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1984-187-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1992-185-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2216-269-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2668-182-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2804-190-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2820-191-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3000-206-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3004-204-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3032-153-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3104-197-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3132-202-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3152-70-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4000-184-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4184-195-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4212-207-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4536-208-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4564-183-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4640-200-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4656-181-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4684-203-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4724-198-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4768-196-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4824-180-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4840-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4948-189-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4980-152-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4988-193-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5008-194-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5080-186-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5256-212-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5264-214-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5272-213-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5280-216-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5288-215-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5312-217-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5320-218-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5328-219-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5336-220-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5352-221-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5360-227-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5368-223-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5376-224-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-228-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5692-229-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5924-222-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6072-225-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6116-226-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6208-230-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6256-231-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6288-237-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6304-241-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6312-234-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6320-235-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6328-236-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6336-240-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6344-243-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6356-244-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6380-262-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6396-263-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6416-242-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6604-245-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6616-246-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6644-247-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6680-248-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6772-249-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6820-251-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6828-250-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6928-264-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6952-252-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6964-253-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6976-254-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6996-255-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7028-271-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7092-259-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7112-256-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7140-257-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7164-258-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7344-272-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7612-276-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7628-275-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7636-278-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7644-277-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7812-279-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7828-280-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7840-284-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7848-281-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7856-282-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7868-283-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8016-286-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8028-307-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8072-305-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8080-306-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download