069545197966bde77c906238e6f4f96a681201704e4b4c80a4d460911ada2f51

Analysis

max time kernel
16s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Size

1.3MB
MD5

4819fbb18a971f4664a4e7cab074ca40
SHA1

b5009e079309574cc2117eb30bd7c437b88a56c0
SHA256

069545197966bde77c906238e6f4f96a681201704e4b4c80a4d460911ada2f51
SHA512

9410204591f5225bbae08038c28fe8f1af485f3414d257c1f7c9915bb7b95cc7152f05a84f54fdc7fa88b0d034b68d1fdc2cfce25eb9e39a130580ff6bd53844
SSDEEP

24576:oW18pU5RzwL4v7ZfdmGWirSvsqy2B73zmGE0Djnuxn3fAG4+Rwb1Hgs:V1r5t7mGTAXdY2u93IG4+RwJN

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\R:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\U:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\G:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\H:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\K:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\N:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\V:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\W:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\E:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\I:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\T:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\X:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\J:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\M:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\L:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\O:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\S:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\A:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File opened (read-only)	\??\B:	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore hot (!) glans gorgeoushorny (Karin).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian nude fucking hot (!) feet sm .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian cum beast [bangbus] (Sylvia).avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish cum hardcore hot (!) 50+ .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\trambling [free] redhair .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian gay licking 40+ .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian beastiality xxx [milf] beautyfull .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black action lingerie several models .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob several models (Sylvia).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish horse horse licking hole .mpg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian action horse catfight wifey (Kathrin,Sarah).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese kicking lesbian licking .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\american handjob lesbian sleeping titts shoes .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\indian gang bang sperm masturbation hole .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish kicking beast [milf] balls .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish gang bang sperm [free] swallow .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking big YEâPSè& .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish action horse uncut bedroom .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black cumshot trambling hot (!) (Melissa).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black action lingerie catfight .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\trambling [bangbus] hole YEâPSè& (Sylvia).avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\norwegian lesbian [bangbus] .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\italian kicking lingerie [milf] femdom (Britney,Jade).mpg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\xxx [milf] feet .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black animal trambling lesbian sweet .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese action blowjob full movie glans .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish handjob beast masturbation cock hotel .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian horse hardcore masturbation ash .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\gang bang beast public feet black hairunshaved .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\american cumshot lingerie [milf] .mpg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian gay sleeping ash .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\blowjob [free] .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\blowjob big glans shoes .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\handjob lingerie hot (!) .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\xxx big .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian hardcore several models glans black hairunshaved (Jade).rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\fucking sleeping wifey .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\british horse [milf] Ôï .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\xxx full movie granny .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian action lingerie catfight .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\malaysia sperm masturbation glans .mpg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\animal lingerie hot (!) beautyfull .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\lingerie several models hole .mpg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\tyrkish cum sperm voyeur .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\beast hot (!) hole granny (Samantha).rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\brasilian kicking bukkake big .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\italian cumshot lingerie sleeping young (Sonja,Jade).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\porn blowjob [bangbus] .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\beast big .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\asian gay licking hole .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\malaysia lesbian sleeping upskirt .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\british sperm lesbian feet sm .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\blowjob catfight sm .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\cumshot trambling public feet .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake sleeping glans .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\cum trambling full movie glans .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\fucking full movie bedroom (Gina,Sylvia).rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\bukkake uncut (Jade).mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian cumshot hardcore [bangbus] glans .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\japanese gang bang hardcore catfight redhair .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\horse gay lesbian hotel .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking [milf] titts YEâPSè& (Curtney).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\brasilian handjob gay [free] glans 50+ .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\brasilian beastiality lesbian lesbian ash .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\spanish xxx hidden hole .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese porn blowjob lesbian bedroom (Christine,Tatjana).avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\asian horse [free] gorgeoushorny .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\nude trambling big .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\american nude blowjob hot (!) stockings (Kathrin,Samantha).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\blowjob voyeur leather (Britney,Tatjana).rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\danish beastiality lingerie licking hole .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\fetish horse [bangbus] glans YEâPSè& .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore public feet (Kathrin,Janette).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\sperm public cock Ôï .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian cumshot bukkake [free] hole mature (Janette).mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian nude lingerie [bangbus] feet redhair (Liz).avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\cum xxx lesbian hairy .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\japanese action fucking lesbian sweet .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\norwegian lingerie sleeping leather .zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\cumshot bukkake girls .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american handjob sperm hidden feet redhair .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\horse [milf] sweet .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian handjob blowjob several models hole .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\black handjob xxx licking .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\fucking girls hole (Kathrin,Karin).rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\gay [bangbus] (Melissa).rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\horse gay sleeping cock YEâPSè& .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\cumshot lesbian masturbation glans .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\british horse hot (!) shoes .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\action bukkake hot (!) (Sylvia).zip.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\kicking blowjob lesbian upskirt .avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse licking mature .mpeg.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\hardcore catfight .rar.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\indian nude sperm lesbian (Curtney).avi.exe	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1164	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1164	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4564	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4564	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1220	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1220	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3096	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3096	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3876	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3876	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2320	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2320	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2068	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
2068	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
3952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
216	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
216	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 1836	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	85
PID 3612 wrote to memory of 1836	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	85
PID 3612 wrote to memory of 1836	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	85
PID 1836 wrote to memory of 2700	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	86
PID 1836 wrote to memory of 2700	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	86
PID 1836 wrote to memory of 2700	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	86
PID 3612 wrote to memory of 1256	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	87
PID 3612 wrote to memory of 1256	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	87
PID 3612 wrote to memory of 1256	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	87
PID 1836 wrote to memory of 4904	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	88
PID 1836 wrote to memory of 4904	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	88
PID 1836 wrote to memory of 4904	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	88
PID 2700 wrote to memory of 3156	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	89
PID 2700 wrote to memory of 3156	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	89
PID 2700 wrote to memory of 3156	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	89
PID 3612 wrote to memory of 1628	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	90
PID 3612 wrote to memory of 1628	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	90
PID 3612 wrote to memory of 1628	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	90
PID 1256 wrote to memory of 3952	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	91
PID 1256 wrote to memory of 3952	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	91
PID 1256 wrote to memory of 3952	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	91
PID 2700 wrote to memory of 1164	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	92
PID 2700 wrote to memory of 1164	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	92
PID 2700 wrote to memory of 1164	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	92
PID 3156 wrote to memory of 4564	3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	93
PID 3156 wrote to memory of 4564	3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	93
PID 3156 wrote to memory of 4564	3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	93
PID 3612 wrote to memory of 4952	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	94
PID 3612 wrote to memory of 4952	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	94
PID 3612 wrote to memory of 4952	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	94
PID 1836 wrote to memory of 1220	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	95
PID 1836 wrote to memory of 1220	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	95
PID 1836 wrote to memory of 1220	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	95
PID 1628 wrote to memory of 3096	1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	96
PID 1628 wrote to memory of 3096	1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	96
PID 1628 wrote to memory of 3096	1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	96
PID 4904 wrote to memory of 3876	4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	97
PID 4904 wrote to memory of 3876	4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	97
PID 4904 wrote to memory of 3876	4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	97
PID 1256 wrote to memory of 2320	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	98
PID 1256 wrote to memory of 2320	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	98
PID 1256 wrote to memory of 2320	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	98
PID 3952 wrote to memory of 2068	3952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	99
PID 3952 wrote to memory of 2068	3952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	99
PID 3952 wrote to memory of 2068	3952	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	99
PID 1836 wrote to memory of 216	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	100
PID 1836 wrote to memory of 216	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	100
PID 1836 wrote to memory of 216	1836	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	100
PID 2700 wrote to memory of 1460	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	101
PID 2700 wrote to memory of 1460	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	101
PID 2700 wrote to memory of 1460	2700	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	101
PID 3612 wrote to memory of 3436	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	102
PID 3612 wrote to memory of 3436	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	102
PID 3612 wrote to memory of 3436	3612	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	102
PID 1628 wrote to memory of 2340	1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	103
PID 1628 wrote to memory of 2340	1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	103
PID 1628 wrote to memory of 2340	1628	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	103
PID 3156 wrote to memory of 2148	3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	104
PID 3156 wrote to memory of 2148	3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	104
PID 3156 wrote to memory of 2148	3156	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	104
PID 1256 wrote to memory of 1040	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	106
PID 1256 wrote to memory of 1040	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	106
PID 1256 wrote to memory of 1040	1256	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	106
PID 4904 wrote to memory of 844	4904	4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe	105

C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1836
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        8⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:384
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        8⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17040
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:9244
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:640
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:976
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:4180
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:1316
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8316
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:9180
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:12832
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:14088
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:14132
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:3728
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:17696
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:4484
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:10300
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:12116
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2196
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        6⤵
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:2524
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:14112
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:13132
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:8792
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:17304
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2144
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:9520
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:12668
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:14128
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:2612
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:7944
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:11120
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2600
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  PID:3436
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
        5⤵
        
        PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:1440
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:10212
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:5940
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:9936
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:2100
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  PID:6656
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:6112
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  PID:8840
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  PID:12092
- - C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
    3⤵
    PID:17032
- C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4819fbb18a971f4664a4e7cab074ca40_NeikiAnalytics.exe"
  2⤵
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese action blowjob full movie glans .zip.exe

Filesize
1.4MB

MD5
ec4c462767b51810945f8288137094a2

SHA1
7bd5a7c47cbbc2fb0a7704d823b49bfb0d04c1c1

SHA256
73ced14a3cbd4f2aee8e95fe44cf8e7c64028c2941d5cbeea34762baa3403574

SHA512
9c9508bfc3289b7d182d3c5ef6f2d1f3bb04f557c1ebb487f72523098aaecd25131bcb2b4f6b54eea0c71df82e124a002a6a6a34d580ac55e10a10d28de385d0

Download Submit
memory/216-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/744-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/820-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/844-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1040-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1164-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1220-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1224-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1256-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1320-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1460-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1536-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1608-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1628-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1836-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2148-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2276-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2516-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2580-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2700-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3028-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3052-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3096-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3156-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3416-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3436-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3612-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3612-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3876-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4280-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4564-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4680-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4896-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4904-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5032-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5064-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5080-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5088-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5432-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5620-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5716-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5760-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5776-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5784-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5792-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5812-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5876-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5988-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5996-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6036-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6180-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6260-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6364-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6468-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6488-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6552-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6584-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6636-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6644-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7128-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7184-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7256-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7312-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7320-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7400-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7408-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7416-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7440-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7480-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7644-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7708-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7716-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7996-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8048-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8232-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8240-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8464-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8512-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8688-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8756-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8792-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8804-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8820-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8840-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8848-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8860-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8868-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8876-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8888-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8984-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9036-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9228-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9520-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9596-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9712-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9988-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download