366069ef275c726b82f6dd9796f6efa260d4a4fb8676a51843e2436d0a897359

Analysis

max time kernel
15s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Size

785KB
MD5

e92aeaef8f223b3b32b32678ba737270
SHA1

e4ab3f0bbecbca0a4fafc812f08f775644f28832
SHA256

366069ef275c726b82f6dd9796f6efa260d4a4fb8676a51843e2436d0a897359
SHA512

30b1ca2cb342cfcc02a29693958e815d03cf14e2cba2cb363cce3e8fb7fc8294da713b9c2b5e687848507ec24db2a12cfc3bcd33ec1b804c9becacda3b0f08a5
SSDEEP

24576:bHu7ndnT8f+6AewDKun1jAjOwSuc37bJfY8:jEnfCwDKun1k5PcLbJfY8

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 17 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2892-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/files/0x000b0000000232fd-5.dat	upx
behavioral2/memory/468-12-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4200-143-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4352-146-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4468-160-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2032-162-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/368-168-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3160-178-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4632-177-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4108-181-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/100-182-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1000-185-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2176-190-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5008-195-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1648-196-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1744-199-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4496-198-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3000-200-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2684-201-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1336-202-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3248-205-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2452-204-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2324-207-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2424-206-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5100-203-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5184-210-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5168-214-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5216-213-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5208-212-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5200-211-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5176-209-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5432-217-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5192-216-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5448-223-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5440-222-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5388-221-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5500-220-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5492-219-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5376-218-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5300-215-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5908-227-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5916-226-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5976-228-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6020-230-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6012-229-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5984-233-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6052-232-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5968-231-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6064-234-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5940-235-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6160-236-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6220-241-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6212-240-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6204-239-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6236-247-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6508-248-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6548-250-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6540-249-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6556-254-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6612-253-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6592-252-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6640-251-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6228-244-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\N:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\W:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\X:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\E:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\G:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\J:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\R:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\S:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\T:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\A:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\B:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\I:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\K:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\L:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\H:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\O:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\P:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\U:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File opened (read-only)	\??\V:	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie lesbian sleeping hairy (Melissa,Ashley).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\spanish animal lesbian girls hole ash .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish sperm full movie titts .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\action hidden boobs traffic .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\kicking several models .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\norwegian sperm beastiality hot (!) .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish xxx hidden 40+ .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\black kicking animal hidden .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\norwegian fetish licking glans (Sandy,Britney).zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking hot (!) nipples boots (Kathrin).mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake sperm masturbation mistress (Melissa).mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian hardcore girls feet beautyfull .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian xxx fucking big vagina (Karin,Britney).zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish handjob public .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german lingerie [bangbus] .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish bukkake fetish girls (Tatjana,Curtney).mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\xxx catfight .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american fetish gang bang sleeping castration .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\action kicking girls mistress .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\swedish fetish lesbian blondie .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{6BB39B16-79FA-4D8E-BB79-4EFE59F95F66}\EDGEMITMP_509DC.tmp\horse horse big cock (Samantha,Kathrin).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\beastiality handjob [free] 50+ .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling bukkake several models (Samantha).zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\bukkake lingerie public pregnant .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gay lesbian upskirt .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\handjob lingerie public hairy .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\british gay [bangbus] .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish blowjob gay several models glans (Sarah,Sarah).rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fetish gang bang girls leather .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\african cum gay big swallow .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian cum handjob hidden .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish porn hidden ash .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\fucking xxx uncut (Liz,Anniston).mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian bukkake several models feet (Tatjana).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\tyrkish lesbian lesbian .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\lingerie sleeping .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\handjob public boobs (Sandy,Ashley).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\trambling voyeur .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\fetish horse hidden 50+ .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\indian kicking gang bang voyeur vagina (Janette,Melissa).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\african fucking sleeping redhair .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese trambling bukkake masturbation .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\kicking several models hole .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\black kicking catfight .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\french blowjob cum sleeping pregnant (Sarah,Anniston).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\trambling hot (!) .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\chinese horse cumshot [milf] (Liz,Sandy).rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\british lingerie kicking voyeur (Tatjana,Sylvia).mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\lingerie blowjob full movie nipples (Kathrin).mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\italian beast action lesbian redhair .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish sperm lesbian big nipples black hairunshaved .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\spanish handjob beastiality [bangbus] 40+ .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\chinese fetish animal full movie (Sylvia,Sonja).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\malaysia handjob action several models feet .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\swedish hardcore sleeping (Jade,Sonja).mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\norwegian action several models legs (Jade).mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gay licking sweet (Liz,Anniston).mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\horse licking .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm sleeping .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\beast [milf] .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\italian xxx horse several models hole Ôï .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\fetish girls nipples ejaculation .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\malaysia bukkake xxx big feet circumcision (Britney,Sylvia).zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\russian animal lesbian cock shower (Tatjana).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\gay [free] black hairunshaved .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese handjob hidden bedroom .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\german hardcore hardcore lesbian circumcision .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\security\templates\handjob public boobs sm .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\british trambling full movie hotel (Anniston).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\indian blowjob masturbation young .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian action hardcore girls glans (Melissa,Karin).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian xxx hidden cock black hairunshaved .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\chinese trambling lesbian licking .rar.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie horse hot (!) .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\british animal kicking uncut black hairunshaved .avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\japanese fetish hot (!) .mpeg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\canadian xxx hardcore public sm .mpg.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\action lesbian boots .zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese bukkake gang bang licking castration (Gina).zip.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\fetish public young (Samantha).avi.exe	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
368	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
368	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1004	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1004	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4632	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4632	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
3160	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
3160	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4108	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4108	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
100	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
100	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1000	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1000	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2176	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
2176	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
5008	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
5008	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1648	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1648	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
368	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
368	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1004	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1004	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1744	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
1744	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 468	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	93
PID 2892 wrote to memory of 468	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	93
PID 2892 wrote to memory of 468	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	93
PID 2892 wrote to memory of 4200	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	95
PID 2892 wrote to memory of 4200	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	95
PID 2892 wrote to memory of 4200	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	95
PID 468 wrote to memory of 4352	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	96
PID 468 wrote to memory of 4352	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	96
PID 468 wrote to memory of 4352	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	96
PID 2892 wrote to memory of 4468	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	98
PID 2892 wrote to memory of 4468	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	98
PID 2892 wrote to memory of 4468	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	98
PID 4200 wrote to memory of 2032	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	99
PID 4200 wrote to memory of 2032	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	99
PID 4200 wrote to memory of 2032	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	99
PID 468 wrote to memory of 368	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	100
PID 468 wrote to memory of 368	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	100
PID 468 wrote to memory of 368	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	100
PID 4352 wrote to memory of 1004	4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	101
PID 4352 wrote to memory of 1004	4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	101
PID 4352 wrote to memory of 1004	4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	101
PID 4200 wrote to memory of 4632	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	102
PID 4200 wrote to memory of 4632	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	102
PID 4200 wrote to memory of 4632	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	102
PID 2892 wrote to memory of 3160	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	103
PID 2892 wrote to memory of 3160	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	103
PID 2892 wrote to memory of 3160	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	103
PID 4468 wrote to memory of 4108	4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	104
PID 4468 wrote to memory of 4108	4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	104
PID 4468 wrote to memory of 4108	4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	104
PID 2032 wrote to memory of 100	2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	105
PID 2032 wrote to memory of 100	2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	105
PID 2032 wrote to memory of 100	2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	105
PID 468 wrote to memory of 1000	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	106
PID 468 wrote to memory of 1000	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	106
PID 468 wrote to memory of 1000	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	106
PID 4352 wrote to memory of 2176	4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	107
PID 4352 wrote to memory of 2176	4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	107
PID 4352 wrote to memory of 2176	4352	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	107
PID 368 wrote to memory of 5008	368	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	108
PID 368 wrote to memory of 5008	368	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	108
PID 368 wrote to memory of 5008	368	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	108
PID 1004 wrote to memory of 1648	1004	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	109
PID 1004 wrote to memory of 1648	1004	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	109
PID 1004 wrote to memory of 1648	1004	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	109
PID 3160 wrote to memory of 4496	3160	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	110
PID 3160 wrote to memory of 4496	3160	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	110
PID 3160 wrote to memory of 4496	3160	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	110
PID 4200 wrote to memory of 1744	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	111
PID 4200 wrote to memory of 1744	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	111
PID 4200 wrote to memory of 1744	4200	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	111
PID 2892 wrote to memory of 3000	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	112
PID 2892 wrote to memory of 3000	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	112
PID 2892 wrote to memory of 3000	2892	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	112
PID 4632 wrote to memory of 2684	4632	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	113
PID 4632 wrote to memory of 2684	4632	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	113
PID 4632 wrote to memory of 2684	4632	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	113
PID 4468 wrote to memory of 5100	4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	114
PID 4468 wrote to memory of 5100	4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	114
PID 4468 wrote to memory of 5100	4468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	114
PID 468 wrote to memory of 1336	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	116
PID 468 wrote to memory of 1336	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	116
PID 468 wrote to memory of 1336	468	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	116
PID 2032 wrote to memory of 3248	2032	e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:468
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:328
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8668
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:368
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9632
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9100
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8360
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7304
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9432
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:10052
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:12300
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:9220
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4200
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        7⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:556
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9248
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9208
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9452
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:10036
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:12864
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:8144
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        6⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8236
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9668
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7788
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8932
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6152
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:10020
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:13740
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:8140
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9532
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:8216
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:11352
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:4752
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:11332
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:10028
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:13364
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:9008
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9028
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:9672
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:10228
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:12992
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:9592
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  PID:5208
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:9868
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:13592
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:8776
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  PID:6196
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:2920
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:10976
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  PID:7932
- - C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
    3⤵
    PID:11080
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  PID:10044
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  PID:4364
- C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e92aeaef8f223b3b32b32678ba737270_NeikiAnalytics.exe"
  2⤵
  PID:8320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4084,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian cum handjob hidden .mpg.exe

Filesize
261KB

MD5
e60ec7c676418dcb583ce003e5eb06eb

SHA1
6abcd48c83e26a095e5abef81f9d2931ab8fc870

SHA256
d3d5aed32dc7021aa6a26faf6b831b5fe69dbcb2818ffff7e65354cb12ef43cc

SHA512
729e0e38758a9e4207c3053edc82e12485eeb5b8263b20db28e7c2c08c1feaba8e958370ee7613df3f24c3d9dd2b7493950c3668ae7191691c52f4eb8ea55428

Download Submit
memory/100-182-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/368-168-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/468-12-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1000-185-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1336-202-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1648-196-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1744-199-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2032-162-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2176-190-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2324-207-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2424-206-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2452-204-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2684-201-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2892-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3000-200-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3160-178-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3248-205-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4108-181-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4200-143-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4352-146-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4468-160-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4496-198-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4632-177-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5008-195-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5100-203-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5168-214-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5176-209-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5184-210-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5192-216-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5200-211-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5208-212-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5216-213-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5300-215-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5376-218-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5388-221-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5432-217-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5440-222-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5448-223-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5492-219-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5500-220-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5908-227-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5916-226-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5940-235-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5968-231-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5976-228-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5984-233-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6012-229-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6020-230-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6052-232-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6064-234-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6160-236-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6184-237-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6196-238-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6204-239-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6212-240-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6220-241-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6228-244-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6236-247-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6244-261-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6356-264-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6508-248-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6540-249-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6548-250-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6556-254-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6592-252-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6612-253-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6640-251-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6848-259-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6860-255-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7028-256-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7072-257-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7148-258-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7176-260-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7260-271-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7272-272-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7328-273-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7336-274-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7544-275-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7660-277-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7668-278-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7708-279-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7924-280-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7932-285-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7944-281-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7952-282-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7964-283-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7972-291-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7980-284-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8000-286-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8008-293-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8056-300-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8088-292-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8264-302-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8276-303-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8332-304-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/8528-305-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download