e32bc8d5b705d626a9468ba1d6d11d5ca4faa1c5e729fcb5411b1e060380899e

Analysis

max time kernel
15s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 10:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Size

1.5MB
MD5

c1db1d9ba329625cbe7e93ac2c65ed70
SHA1

f4bf560426d70393dadb4ccf65cfe0d8f442d89a
SHA256

e32bc8d5b705d626a9468ba1d6d11d5ca4faa1c5e729fcb5411b1e060380899e
SHA512

fd56900ff0c3d91fffcbdfca95a35351df5988fbe660e41a22fbaa80b9df52976db9b00ba2f19e68c1a86fbbb45e8598d8fd4e96e8dabf3b9ff9c70ffa2c42c5
SSDEEP

24576:oW1M6mYiV+S4sWHh+mL7tTIoCctroLE8nTiEMr6ymMWQUdK3VI19Ff5uYmWhQyc0:VGN4DR7tTnCwc0TBWxdKFI19iYm0VymN

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 22 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\P:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\S:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\U:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\V:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\W:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\G:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\B:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\J:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\L:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\N:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\T:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\A:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\K:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\X:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\E:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\M:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\O:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\R:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File opened (read-only)	\??\I:	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\canadian action cumshot girls legs sweet .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\danish cumshot sleeping .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\handjob handjob big 50+ .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\german kicking big lady .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\german horse beastiality sleeping 50+ (Sonja).mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beastiality full movie gorgeoushorny .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french trambling fetish uncut circumcision .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\porn [milf] stockings .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie hot (!) vagina shoes .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian cum bukkake several models swallow (Ashley).zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian lesbian trambling voyeur YEâPSè& .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\porn lesbian sm (Curtney,Jenna).avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\kicking kicking lesbian ash .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling lesbian [milf] ash upskirt .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian fucking gang bang masturbation high heels (Sonja,Sylvia).zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish fetish gang bang several models leather .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\asian nude licking .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm licking feet (Karin).zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse voyeur gorgeoushorny (Tatjana,Karin).rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian beast cum [free] granny .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\british kicking hardcore voyeur bedroom .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beastiality nude public bondage .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lingerie hidden boobs mistress .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fetish several models ash .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\xxx blowjob [free] legs granny .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\beastiality fucking voyeur castration (Britney).mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish horse public 40+ .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\german bukkake gang bang catfight .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\canadian beastiality [milf] (Jade).rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal beastiality lesbian (Britney).mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\beast fucking uncut boots .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\danish cum masturbation .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\norwegian handjob voyeur boobs granny .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\fucking porn [bangbus] traffic .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\indian horse lesbian ash lady (Curtney).avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\british cum several models nipples .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\security\templates\german horse beast [free] boobs .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\russian lesbian beastiality [bangbus] glans leather .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\brasilian cumshot sleeping nipples mistress .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\spanish kicking [free] .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\norwegian porn beastiality licking mistress .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\japanese bukkake nude [free] .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\horse [milf] .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian nude several models .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\kicking masturbation granny (Sylvia,Sandy).avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\gang bang several models pregnant .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\tyrkish sperm masturbation ash .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\british horse uncut hairy .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\swedish gang bang hardcore [free] (Gina,Curtney).avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\cum girls bedroom .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\animal full movie lady (Melissa).mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese gang bang hidden cock (Jenna,Christine).avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\norwegian cumshot big .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\italian lingerie fucking voyeur ejaculation .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lingerie trambling uncut (Christine).zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\lesbian bukkake catfight pregnant (Sarah).mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\chinese bukkake licking fishy .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\nude lingerie [bangbus] nipples circumcision .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish lingerie uncut fishy (Janette,Samantha).mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse hot (!) ash .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\horse public .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\xxx hidden .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\american bukkake gang bang full movie .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\porn lesbian .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\russian sperm licking hairy .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\animal catfight penetration .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\black horse gang bang uncut hole .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\tyrkish cum lesbian lesbian .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\african gang bang public blondie .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\porn full movie feet leather .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\cumshot catfight legs swallow .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\african gang bang sleeping cock (Jade).zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\french trambling voyeur vagina .zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\german cum public young .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\danish nude trambling sleeping latex .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\british sperm kicking girls gorgeoushorny .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\chinese xxx handjob lesbian femdom .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\nude several models sweet (Jenna).mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\african gay xxx voyeur .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\spanish horse catfight .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\chinese nude hidden (Curtney).rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\italian horse girls wifey .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\indian action action [milf] .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\brasilian beastiality uncut titts beautyfull .mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\indian horse handjob voyeur beautyfull (Sylvia,Karin).rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\action full movie legs .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\french xxx hot (!) bondage (Ashley).zip.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\indian fetish beastiality licking .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\black action action sleeping nipples (Tatjana,Jade).mpeg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\tyrkish fetish several models mistress .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian handjob lingerie big femdom .mpg.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\tyrkish action action lesbian bondage .rar.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\asian gay [free] .avi.exe	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2828	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2828	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2332	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2332	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
1948	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
1948	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
3996	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
3996	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
3980	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
3980	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2184	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2184	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4204	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4204	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
3716	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
3716	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2948	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2948	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2828	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2828	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4956	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
4956	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2332	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2332	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2884	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
2884	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 2428	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	86
PID 4328 wrote to memory of 2428	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	86
PID 4328 wrote to memory of 2428	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	86
PID 4328 wrote to memory of 544	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	88
PID 4328 wrote to memory of 544	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	88
PID 4328 wrote to memory of 544	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	88
PID 2428 wrote to memory of 4312	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	89
PID 2428 wrote to memory of 4312	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	89
PID 2428 wrote to memory of 4312	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	89
PID 544 wrote to memory of 436	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	97
PID 544 wrote to memory of 436	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	97
PID 544 wrote to memory of 436	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	97
PID 4328 wrote to memory of 2828	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	98
PID 4328 wrote to memory of 2828	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	98
PID 4328 wrote to memory of 2828	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	98
PID 2428 wrote to memory of 5088	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	99
PID 2428 wrote to memory of 5088	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	99
PID 2428 wrote to memory of 5088	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	99
PID 4312 wrote to memory of 2332	4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	100
PID 4312 wrote to memory of 2332	4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	100
PID 4312 wrote to memory of 2332	4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	100
PID 544 wrote to memory of 1948	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	101
PID 544 wrote to memory of 1948	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	101
PID 544 wrote to memory of 1948	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	101
PID 2428 wrote to memory of 3996	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	102
PID 2428 wrote to memory of 3996	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	102
PID 2428 wrote to memory of 3996	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	102
PID 4328 wrote to memory of 3980	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	103
PID 4328 wrote to memory of 3980	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	103
PID 4328 wrote to memory of 3980	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	103
PID 436 wrote to memory of 2184	436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	105
PID 436 wrote to memory of 2184	436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	105
PID 436 wrote to memory of 2184	436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	105
PID 4312 wrote to memory of 4204	4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	106
PID 4312 wrote to memory of 4204	4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	106
PID 4312 wrote to memory of 4204	4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	106
PID 5088 wrote to memory of 3716	5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	107
PID 5088 wrote to memory of 3716	5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	107
PID 5088 wrote to memory of 3716	5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	107
PID 2828 wrote to memory of 2948	2828	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	108
PID 2828 wrote to memory of 2948	2828	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	108
PID 2828 wrote to memory of 2948	2828	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	108
PID 2332 wrote to memory of 4956	2332	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	109
PID 2332 wrote to memory of 4956	2332	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	109
PID 2332 wrote to memory of 4956	2332	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	109
PID 544 wrote to memory of 2884	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	110
PID 544 wrote to memory of 2884	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	110
PID 544 wrote to memory of 2884	544	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	110
PID 2428 wrote to memory of 3092	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	111
PID 2428 wrote to memory of 3092	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	111
PID 2428 wrote to memory of 3092	2428	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	111
PID 4328 wrote to memory of 2836	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	112
PID 4328 wrote to memory of 2836	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	112
PID 4328 wrote to memory of 2836	4328	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	112
PID 436 wrote to memory of 2392	436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	113
PID 436 wrote to memory of 2392	436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	113
PID 436 wrote to memory of 2392	436	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	113
PID 1948 wrote to memory of 4216	1948	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	114
PID 1948 wrote to memory of 4216	1948	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	114
PID 1948 wrote to memory of 4216	1948	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	114
PID 5088 wrote to memory of 536	5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	115
PID 5088 wrote to memory of 536	5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	115
PID 5088 wrote to memory of 536	5088	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	115
PID 4312 wrote to memory of 1928	4312	c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        Checks computer location settings
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        8⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        8⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        8⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:19904
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:19920
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16780
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16168
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:19800
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16568
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16740
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:8100
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:11040
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:16616
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:544
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        7⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16756
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16256
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16860
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16716
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16456
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:16708
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16804
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        6⤵
        
        PID:19840
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16264
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:13280
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:384
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16352
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:8156
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:11160
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:16176
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16812
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16692
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16328
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:8172
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:10904
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:16832
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:7988
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:16576
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  PID:5320
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
      4⤵
      PID:16464
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:11528
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:16632
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  PID:6704
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:12928
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:16392
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  PID:7996
- - C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
    3⤵
    PID:19912
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  PID:10800
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  PID:14876
- C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c1db1d9ba329625cbe7e93ac2c65ed70_NeikiAnalytics.exe"
  2⤵
  PID:16924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\british kicking hardcore voyeur bedroom .zip.exe

Filesize
1.9MB

MD5
c0cc7abb8e91f7717bd41d772729b79c

SHA1
d05d0a25baaedbf97749bdccb9719a8ae8e64bfc

SHA256
abf57fceed083b8ce9730a4e29328df1e7ff1eb6d9ccc309644bf9976c06419b

SHA512
14e78b1fb7ecfaddd81a5e05236bc48e279a83d3726c97d814a3e87c2592ac13d44276cdaccf853d4c24b295f775ba4bf81ba0a0118befb47b8449b489ac2f2e

Download Submit
memory/436-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/536-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/544-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1236-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1492-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1928-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1932-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2148-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2184-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2232-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2332-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2392-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2428-26-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2828-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3092-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3208-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3716-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4040-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4216-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4276-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4312-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4328-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4472-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5020-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5064-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5224-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5240-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5256-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5264-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5272-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5280-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5304-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5312-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5328-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5364-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5412-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5552-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5556-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6136-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6248-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6256-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6288-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6296-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6416-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6424-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6452-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6576-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6584-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6592-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6652-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6712-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6752-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6836-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6844-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6896-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6904-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6972-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6992-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7096-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7200-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7388-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7420-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7528-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7568-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7656-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7684-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7696-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7704-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7988-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7996-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8004-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8012-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8020-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8028-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8036-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8044-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8052-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8092-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8100-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8124-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8156-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8164-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8172-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8180-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8188-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8208-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8216-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8224-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8244-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8252-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8260-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8652-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9180-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9344-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9496-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9504-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download