3ba7c42a729daf1c889824dd5b3f1e75af28a9a6a00f145e3a9d815b9ea067d6

Analysis

max time kernel
14s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Size

1.5MB
MD5

0168ff5f782e30fa60c9bb05e14bf6f0
SHA1

51888ec8833ed614e5551a39cdda17cd51ba8478
SHA256

3ba7c42a729daf1c889824dd5b3f1e75af28a9a6a00f145e3a9d815b9ea067d6
SHA512

c532b6f7f0d6b16092d0c1088b0281ff6605c0eeaada8ccce525b179ee6c49a5a8aebf4df79b8b55829fc15f9f049adfbbceeedd71d97f5a908e8dbf1b489356
SSDEEP

24576:ZXZ+Hl9ELHcWJna6oZ41e0RzHsKcUscHpK71NRFhshD3ULkZn4diyN:dZ+Hl9ELHfYMbstQKDRohDYGM

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3328-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x0007000000023441-5.dat	upx
behavioral2/memory/4116-35-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3564-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4264-172-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3128-177-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5000-178-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3248-179-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4484-181-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3328-180-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1640-183-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4116-182-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4296-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2616-185-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3564-186-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3328-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1836-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3620-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2540-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2080-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4264-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4004-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/996-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3128-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5000-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3248-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3852-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4792-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1212-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4780-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4484-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2040-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2616-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5300-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5292-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1156-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5312-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5500-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1836-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1208-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5540-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4932-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5112-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3620-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4004-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5680-220-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5712-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4084-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3120-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3852-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5784-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4628-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1184-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/372-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4836-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2392-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5876-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5828-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5812-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1212-232-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4780-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5976-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4792-236-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5268-238-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\spanish bukkake full movie hole .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian cumshot gay uncut (Sylvia).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese animal lingerie catfight .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\danish action trambling several models .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black horse trambling catfight ¼ë (Sandy,Jade).zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese kicking sperm girls feet high heels (Karin).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish gang bang beast several models glans .avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian nude sperm [free] (Sylvia).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian cumshot fucking [milf] glans mature .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish beastiality sperm full movie leather .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish cum lesbian hot (!) wifey .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian beast hidden hotel .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\fucking lesbian cock .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay lesbian cock sweet .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\american horse xxx girls hole upskirt .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\bukkake licking .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian nude sperm [bangbus] mistress .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian fetish xxx licking glans \Û (Sarah).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\spanish beast hot (!) titts .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian kicking sperm several models gorgeoushorny .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake public glans .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\xxx hidden feet circumcision (Janette).zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish nude gay catfight .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish horse sperm [bangbus] ejaculation .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\beast [free] .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse masturbation beautyfull .avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\bukkake lesbian hole beautyfull .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie hot (!) feet bedroom (Janette).zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\swedish cum lingerie catfight feet .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american beastiality blowjob public 50+ .avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian gang bang xxx big ejaculation (Sandy,Jade).rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\asian horse [free] titts (Sonja,Sarah).rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\african trambling voyeur blondie (Ashley,Liz).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\british sperm uncut (Melissa).zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\russian nude fucking voyeur (Samantha).rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish cumshot lingerie full movie .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\lesbian voyeur shoes .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\norwegian horse masturbation hole (Gina,Melissa).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\swedish nude trambling [bangbus] black hairunshaved (Britney,Liz).zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\horse gay public cock young (Curtney).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\asian xxx masturbation hole balls .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\british lingerie lesbian feet .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\sperm sleeping hole .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\hardcore lesbian fishy .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american animal beast big (Liz).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian cumshot beast big hole .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\french sperm lesbian .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\italian nude gay [milf] .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\indian nude horse sleeping granny (Jenna,Melissa).mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese porn xxx hidden glans .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\fucking [free] feet mature .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\brasilian handjob beast hidden .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\nude trambling hot (!) .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\african hardcore sleeping circumcision .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cum gay lesbian .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\black handjob blowjob girls .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse catfight glans black hairunshaved .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\fetish lingerie hot (!) upskirt (Gina,Curtney).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\cum hardcore hot (!) feet .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\tyrkish fetish hardcore uncut shower .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\brasilian cum blowjob hot (!) .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\gay [free] (Jade).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\black fetish fucking hot (!) balls .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\german hardcore licking titts .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\animal trambling full movie feet upskirt (Liz).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\gay girls penetration .avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\action xxx masturbation .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\animal horse full movie (Sylvia).zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish kicking bukkake big feet femdom (Sylvia).avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\american horse lingerie hot (!) mature .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish horse xxx hot (!) titts .avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\indian cumshot sperm sleeping ejaculation .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\kicking xxx [bangbus] .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore voyeur glans .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian animal lingerie voyeur feet wifey .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fucking hidden titts (Sandy,Janette).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\handjob fucking public (Sarah).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\sperm lesbian feet young .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian beastiality sperm girls feet .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\malaysia lesbian masturbation glans (Sonja,Sarah).zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\black porn gay licking girly .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\kicking beast sleeping glans shower (Tatjana).mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\french beast lesbian glans lady .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\asian blowjob girls cock swallow (Sylvia).mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\fucking masturbation hole young .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\asian gay masturbation balls .mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\african hardcore [free] beautyfull .avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lesbian voyeur hole .zip.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese cum lesbian masturbation cock granny .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese fucking [bangbus] sm .mpg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\handjob trambling hot (!) feet high heels (Sylvia).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\swedish gang bang fucking public cock .rar.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\asian lingerie catfight feet Ôï (Liz).mpeg.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\beastiality sperm public titts balls .avi.exe	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
996	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
996	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3128	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3128	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
5000	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
5000	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3248	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3248	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2040	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2040	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4484	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4484	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
1640	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
1640	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2616	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2616	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
1156	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
1156	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
996	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
996	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3620	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
3128	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 4116	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	85
PID 3328 wrote to memory of 4116	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	85
PID 3328 wrote to memory of 4116	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	85
PID 3328 wrote to memory of 4296	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	89
PID 3328 wrote to memory of 4296	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	89
PID 3328 wrote to memory of 4296	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	89
PID 4116 wrote to memory of 3564	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	90
PID 4116 wrote to memory of 3564	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	90
PID 4116 wrote to memory of 3564	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	90
PID 4296 wrote to memory of 2540	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	94
PID 4296 wrote to memory of 2540	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	94
PID 4296 wrote to memory of 2540	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	94
PID 3328 wrote to memory of 4264	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	95
PID 3328 wrote to memory of 4264	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	95
PID 3328 wrote to memory of 4264	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	95
PID 4116 wrote to memory of 2080	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	96
PID 4116 wrote to memory of 2080	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	96
PID 4116 wrote to memory of 2080	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	96
PID 3564 wrote to memory of 996	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	97
PID 3564 wrote to memory of 996	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	97
PID 3564 wrote to memory of 996	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	97
PID 4296 wrote to memory of 3128	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	99
PID 4296 wrote to memory of 3128	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	99
PID 4296 wrote to memory of 3128	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	99
PID 4264 wrote to memory of 5000	4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	100
PID 4264 wrote to memory of 5000	4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	100
PID 4264 wrote to memory of 5000	4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	100
PID 3328 wrote to memory of 2040	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	101
PID 3328 wrote to memory of 2040	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	101
PID 3328 wrote to memory of 2040	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	101
PID 2540 wrote to memory of 3248	2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	102
PID 2540 wrote to memory of 3248	2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	102
PID 2540 wrote to memory of 3248	2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	102
PID 4116 wrote to memory of 4484	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	103
PID 4116 wrote to memory of 4484	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	103
PID 4116 wrote to memory of 4484	4116	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	103
PID 3564 wrote to memory of 1640	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	104
PID 3564 wrote to memory of 1640	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	104
PID 3564 wrote to memory of 1640	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	104
PID 2080 wrote to memory of 2616	2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	105
PID 2080 wrote to memory of 2616	2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	105
PID 2080 wrote to memory of 2616	2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	105
PID 996 wrote to memory of 1156	996	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	106
PID 996 wrote to memory of 1156	996	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	106
PID 996 wrote to memory of 1156	996	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	106
PID 3128 wrote to memory of 5112	3128	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	107
PID 3128 wrote to memory of 5112	3128	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	107
PID 3128 wrote to memory of 5112	3128	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	107
PID 4296 wrote to memory of 3620	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	108
PID 4296 wrote to memory of 3620	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	108
PID 4296 wrote to memory of 3620	4296	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	108
PID 2540 wrote to memory of 4932	2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	109
PID 2540 wrote to memory of 4932	2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	109
PID 2540 wrote to memory of 4932	2540	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	109
PID 4264 wrote to memory of 1836	4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	110
PID 4264 wrote to memory of 1836	4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	110
PID 4264 wrote to memory of 1836	4264	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	110
PID 3328 wrote to memory of 1208	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	111
PID 3328 wrote to memory of 1208	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	111
PID 3328 wrote to memory of 1208	3328	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	111
PID 3564 wrote to memory of 4004	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	112
PID 3564 wrote to memory of 4004	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	112
PID 3564 wrote to memory of 4004	3564	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	112
PID 2080 wrote to memory of 4084	2080	0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4116
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        8⤵
        
        PID:22536
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        8⤵
        
        PID:24432
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:22552
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        8⤵
        
        PID:21124
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20372
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20804
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21372
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:21132
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20844
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21364
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21076
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:24536
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22784
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21408
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20988
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19864
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20908
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:23708
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20128
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:23648
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20772
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17704
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21068
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19896
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:19736
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21140
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21356
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:23640
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20868
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:22544
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21084
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20916
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24448
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20776
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20980
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21448
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24416
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20924
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20972
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:19840
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20820
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:19952
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21320
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20876
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24520
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:19932
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11324
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:21028
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:22512
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:9724
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:15556
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:22328
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4296
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        8⤵
        
        PID:21108
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19856
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24308
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22560
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24264
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21020
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19880
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21060
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19920
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21348
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20152
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20136
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:23892
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:23656
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24456
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:21116
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        7⤵
        
        PID:23684
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20940
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20748
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20964
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19848
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:23628
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20884
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20900
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22520
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:19888
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19872
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21004
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20160
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20752
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20788
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24424
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:19752
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:9652
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:11776
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:16372
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:21044
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4264
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20836
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:23676
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22336
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24408
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:19536
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20812
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:21036
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18916
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:19912
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20828
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20956
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21340
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22288
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:21052
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:22776
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:4804
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:23692
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:11440
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:16116
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:21092
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18968
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20932
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20796
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20764
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:11528
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:16284
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:21012
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:1208
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
        5⤵
        
        PID:23700
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:20996
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:17304
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:22344
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:11696
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:16364
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:20948
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:372
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:740
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:9692
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:11432
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:16076
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:21100
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:6108
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
      4⤵
      PID:12656
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:11268
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:16084
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:20860
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:7624
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:9300
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:10004
- - C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
    3⤵
    PID:24528
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:11368
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:16100
- C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0168ff5f782e30fa60c9bb05e14bf6f0_NeikiAnalytics.exe"
  2⤵
  PID:20892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian nude sperm [bangbus] mistress .zip.exe

Filesize
1.9MB

MD5
829d361615a80f303296944bba7922a4

SHA1
fd599739bcd08b4ba2e895c821990708d6f523ba

SHA256
1f9f13ace85aaaef48f536a101acd86f93f160f47f1637a111a39bdc872a647a

SHA512
98cd55f081822550898517cb8107f3b57c23392e1ca12f38a4c3946e7ab20f0c010291225971e8096b3fc493ae08f2b4d44d2a468aac9229ae60dd2dcd0ccd77

Download Submit
C:\debug.txt

Filesize
146B

MD5
599b07fa9c102086de7b1849b9aa28b5

SHA1
848ca38673fb098155c410173e7a9c71156a2ea8

SHA256
8b6b133c2b684d67de5715ce5b2ecccb3eb34d5f04290d2d3d7e690ddb717a5c

SHA512
a05a2f32d47005c9f8f48771b95e5708e5f5af336946b852b9df0d8599ea6ca14436bf87addb45012fc435e34e00b7fca5b43137dc029a90b43be76dac22e23b

Download Submit
memory/372-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/996-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1156-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1184-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1208-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1212-232-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1212-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1640-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1836-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1836-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2040-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2080-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2392-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2540-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2616-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2616-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2672-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3120-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3128-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3128-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3248-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3248-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3328-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3328-436-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3328-318-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3328-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3328-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3564-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3564-186-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3620-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3620-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3852-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3852-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4004-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4004-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4084-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4116-35-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4116-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4264-172-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4264-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4296-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4484-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4484-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4628-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4780-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4780-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4792-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4792-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4836-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4932-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5000-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5000-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5112-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5268-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5292-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5300-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5300-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5312-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5312-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5500-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5540-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5540-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5680-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5680-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5712-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5712-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5728-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5728-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5740-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5784-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5784-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5812-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5812-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5828-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5828-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5844-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5844-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5852-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5852-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5876-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5876-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5976-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5976-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6044-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6044-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6052-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6088-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6108-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6216-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6288-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6460-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6568-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6668-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6720-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6848-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6868-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6916-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6932-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7056-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download