b4920dcf3ae5bc1c88f0392bd4ec6e4f8d1329e7c537d64cb836a5c5c38fd222

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Size

386KB
MD5

6bb2a30ac470554272a129b404794430
SHA1

77e37ebc4c460a2ca27b527e2f694eef0acfff43
SHA256

b4920dcf3ae5bc1c88f0392bd4ec6e4f8d1329e7c537d64cb836a5c5c38fd222
SHA512

b1087f3d6e2d42fb2f8861e457170b24468a9d33d3fc0d9a16097c714b98c2083f005f57eb67ae553316520713706e947d32f0c707473c2022a8c4aab194dc35
SSDEEP

12288:JEyDMhqhLtRUlW4N2SqqpGN90SPmWOgcm0QRE:JBrSq8GNaKmeE

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/60-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x00080000000235e2-5.dat	upx
behavioral2/memory/2532-15-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1392-152-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4984-154-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4416-171-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2644-172-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4776-174-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1276-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2372-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/60-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4548-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1912-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1392-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2532-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4984-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2736-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4416-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/400-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/60-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3068-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2644-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4776-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4452-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4548-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4612-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2544-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2536-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2372-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2276-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3996-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1912-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5232-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3068-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2776-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5252-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5240-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2640-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5404-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/352-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2252-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5412-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4612-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4556-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2544-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5396-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4280-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/64-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3736-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2276-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5452-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5144-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5232-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5544-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5460-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5240-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6080-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5476-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6216-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5468-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6304-257-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6428-266-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6488-262-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6436-261-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\V:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\A:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\H:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\J:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\K:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\R:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\G:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\I:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\M:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\T:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\W:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\B:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\E:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\L:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\N:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\S:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\O:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\P:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\X:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking big bondage .zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese nude fucking [bangbus] (Curtney).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\american handjob gay licking glans .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\trambling big hole (Jenna,Sylvia).mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian nude xxx public .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\american cumshot blowjob public shoes .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish horse hardcore sleeping cock sm .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish animal beast licking (Jade).zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian [milf] titts gorgeoushorny .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian horse lesbian hot (!) latex .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx hidden cock girly (Janette).rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian nude hardcore hot (!) hairy .zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian lesbian hole pregnant .zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian beast [bangbus] (Tatjana).avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\italian cumshot sperm licking beautyfull (Sandy,Janette).mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian gang bang bukkake [milf] 50+ .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake catfight circumcision .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\hardcore masturbation cock boots (Liz).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish gang bang hardcore hidden black hairunshaved .zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\gay lesbian hole shoes (Sylvia).avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese action beast sleeping feet .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\sperm [free] (Jade).mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish cumshot bukkake voyeur stockings .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian nude lesbian [bangbus] feet hairy (Sylvia).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking hidden titts penetration (Curtney).rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gay hot (!) feet black hairunshaved (Sarah).mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese nude trambling lesbian titts .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{6BB39B16-79FA-4D8E-BB79-4EFE59F95F66}\EDGEMITMP_509DC.tmp\horse girls titts .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian beastiality trambling full movie stockings .zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\xxx [free] titts gorgeoushorny .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse several models .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\InputMethod\SHARED\black porn xxx hidden (Samantha).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore licking hole (Jenna,Karin).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian nude lingerie [milf] titts hotel .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\fetish beast [milf] hole (Kathrin,Sylvia).avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\bukkake uncut hole high heels (Liz).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\fucking sleeping hairy (Jenna,Jade).mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\japanese gang bang blowjob girls feet Ôï .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian kicking fucking catfight (Liz).avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian fetish hardcore masturbation (Curtney).avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\canadian bukkake lesbian cock .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lingerie big .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\asian sperm lesbian mistress .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\horse bukkake [milf] cock penetration .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese cumshot lesbian hot (!) .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\russian handjob lesbian [free] leather .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\german trambling [milf] glans boots .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\italian beastiality sperm uncut glans Ôï (Melissa).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\cum hardcore lesbian hole sm .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\horse voyeur circumcision .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\german trambling public hole sm .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\chinese gay several models girly .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\american cum sperm big 50+ .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\tyrkish horse bukkake lesbian titts .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\asian lingerie [bangbus] .zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black handjob beast hot (!) bondage .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\horse uncut shoes .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\russian kicking hardcore masturbation titts blondie .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\hardcore masturbation .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\lingerie hidden shower .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\nude gay [bangbus] glans castration .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\lingerie sleeping feet castration (Janette).zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\beastiality gay licking latex .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\norwegian hardcore uncut cock .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\italian cum beast [milf] shower .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\spanish blowjob [bangbus] titts (Anniston,Sarah).avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish horse fucking public cock .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\norwegian hardcore hidden hole .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\russian beastiality trambling licking shoes .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\spanish gay licking .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\sperm hidden cock (Britney,Karin).avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\gay catfight balls .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\nude hardcore hidden .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\french fucking lesbian castration .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\blowjob [milf] granny .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\japanese fetish horse sleeping cock mistress (Melissa).rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\porn trambling girls glans swallow (Liz).mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\american kicking gay full movie glans black hairunshaved .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie [free] cock .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black animal fucking [free] stockings .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\brasilian handjob bukkake uncut gorgeoushorny .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\fucking girls black hairunshaved .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\blowjob uncut feet 40+ .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black nude lingerie several models (Tatjana).rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\american cum gay catfight mature .zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\japanese nude trambling public penetration (Sonja,Liz).mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\japanese animal beast hot (!) YEâPSè& (Gina,Sarah).rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\lesbian [bangbus] 50+ .avi.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\asian beast several models .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\norwegian hardcore girls balls .mpeg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\british bukkake licking glans .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\brasilian fetish fucking public (Janette).zip.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\kicking hardcore full movie feet .rar.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\sperm catfight young .mpg.exe	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2644	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2644	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1276	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1276	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4452	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4452	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2372	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2372	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2536	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2536	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4548	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4548	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1912	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
1912	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
3996	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
3996	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2644	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2644	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2736	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2736	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
4776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
2776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 2532	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	93
PID 60 wrote to memory of 2532	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	93
PID 60 wrote to memory of 2532	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	93
PID 60 wrote to memory of 1392	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	95
PID 60 wrote to memory of 1392	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	95
PID 60 wrote to memory of 1392	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	95
PID 2532 wrote to memory of 4984	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	96
PID 2532 wrote to memory of 4984	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	96
PID 2532 wrote to memory of 4984	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	96
PID 60 wrote to memory of 4416	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	98
PID 60 wrote to memory of 4416	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	98
PID 60 wrote to memory of 4416	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	98
PID 2532 wrote to memory of 400	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	99
PID 2532 wrote to memory of 400	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	99
PID 2532 wrote to memory of 400	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	99
PID 1392 wrote to memory of 2644	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	100
PID 1392 wrote to memory of 2644	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	100
PID 1392 wrote to memory of 2644	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	100
PID 4984 wrote to memory of 4776	4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	101
PID 4984 wrote to memory of 4776	4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	101
PID 4984 wrote to memory of 4776	4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	101
PID 60 wrote to memory of 1276	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	102
PID 60 wrote to memory of 1276	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	102
PID 60 wrote to memory of 1276	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	102
PID 2532 wrote to memory of 4452	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	103
PID 2532 wrote to memory of 4452	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	103
PID 2532 wrote to memory of 4452	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	103
PID 4416 wrote to memory of 2372	4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	104
PID 4416 wrote to memory of 2372	4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	104
PID 4416 wrote to memory of 2372	4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	104
PID 1392 wrote to memory of 2536	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	105
PID 1392 wrote to memory of 2536	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	105
PID 1392 wrote to memory of 2536	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	105
PID 400 wrote to memory of 4548	400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	106
PID 400 wrote to memory of 4548	400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	106
PID 400 wrote to memory of 4548	400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	106
PID 4984 wrote to memory of 1912	4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	107
PID 4984 wrote to memory of 1912	4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	107
PID 4984 wrote to memory of 1912	4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	107
PID 2644 wrote to memory of 3996	2644	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	108
PID 2644 wrote to memory of 3996	2644	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	108
PID 2644 wrote to memory of 3996	2644	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	108
PID 4776 wrote to memory of 2736	4776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	109
PID 4776 wrote to memory of 2736	4776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	109
PID 4776 wrote to memory of 2736	4776	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	109
PID 1276 wrote to memory of 2776	1276	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	110
PID 1276 wrote to memory of 2776	1276	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	110
PID 1276 wrote to memory of 2776	1276	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	110
PID 60 wrote to memory of 3068	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	111
PID 60 wrote to memory of 3068	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	111
PID 60 wrote to memory of 3068	60	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	111
PID 2532 wrote to memory of 2252	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	112
PID 2532 wrote to memory of 2252	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	112
PID 2532 wrote to memory of 2252	2532	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	112
PID 4416 wrote to memory of 2640	4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	113
PID 4416 wrote to memory of 2640	4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	113
PID 4416 wrote to memory of 2640	4416	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	113
PID 400 wrote to memory of 352	400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	114
PID 400 wrote to memory of 352	400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	114
PID 400 wrote to memory of 352	400	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	114
PID 1392 wrote to memory of 64	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	115
PID 1392 wrote to memory of 64	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	115
PID 1392 wrote to memory of 64	1392	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	115
PID 4984 wrote to memory of 2544	4984	6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:60
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        9⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:19860
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:21188
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:19916
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:20360
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:20564
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:21212
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:17592
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:22196
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:19908
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:19884
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15004
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14900
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:400
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:18212
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:19924
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:20588
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:21268
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:1380
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:22488
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:18132
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14928
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15108
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14948
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:19204
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:9588
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:13084
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:14920
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        8⤵
        
        PID:22232
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:22240
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:19776
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:21168
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15196
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:21204
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:20008
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15156
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15228
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:20596
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14892
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:17804
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:21468
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:9708
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:15132
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4416
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        7⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:18096
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8824
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:19892
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15220
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14784
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:20580
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:14980
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:9652
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:15288
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        6⤵
        
        PID:21180
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:19900
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15164
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15068
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:20176
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:9228
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:20496
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:14600
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
        5⤵
        
        PID:19852
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:15100
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:7616
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
      4⤵
      PID:19784
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:14800
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  PID:5476
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:10984
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:15236
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  PID:7368
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:21196
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  PID:8744
- - C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
    3⤵
    PID:1584
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  PID:9628
- C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bb2a30ac470554272a129b404794430_NeikiAnalytics.exe"
  2⤵
  PID:6152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4552,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:8
1⤵
PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake catfight circumcision .mpg.exe

Filesize
1.7MB

MD5
dc82c8fb42ecb1da588213dcfce3eebd

SHA1
ebbc4321f53888fb999d4602192ba21befcfaac1

SHA256
7ea6623fa1c4276947028da314f53e8846472c05d99eef8c25ab17fa8cee64ca

SHA512
8df007cbc0c038e09ff6e70da6b886633d507f46ebd2add649e5903cc1aa5d63236a4b89904b7d4aa308a4af78a0b4956023173e607164df5866947291d593fc

Download Submit
memory/60-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/60-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/60-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/60-317-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/60-456-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/64-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/352-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/400-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1276-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1392-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1392-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1912-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1912-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2252-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2276-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2276-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2372-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2372-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2532-15-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2532-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2536-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2544-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2544-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2644-172-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2736-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2776-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3068-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3068-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3736-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3996-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4280-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4416-171-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4416-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4452-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4548-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4548-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4556-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4612-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4612-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4776-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4776-174-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4984-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4984-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5144-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5232-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5232-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5240-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5240-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5252-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5348-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5360-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5368-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5380-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5396-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5396-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5404-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5404-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5412-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5412-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5420-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5428-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5436-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5444-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5452-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5452-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5476-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5476-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5484-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5544-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5544-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5688-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6080-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6080-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6156-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6216-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6216-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6248-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6288-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6304-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6328-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6336-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6352-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6412-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6420-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6428-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6436-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6488-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6756-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6764-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6776-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6852-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6896-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6928-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download