5a56d5e04cac9c346319f83df436232a1cf08ad41195b88682e474cdbf2fb845

Analysis

max time kernel
11s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Size

639KB
MD5

3db93ba9a04d6aa506bab3f6b89d55f0
SHA1

b500271a4eced145a5c1e0bc27b5ee96194d40a8
SHA256

5a56d5e04cac9c346319f83df436232a1cf08ad41195b88682e474cdbf2fb845
SHA512

7763dc3b865a9eb624f07418f969ab5a0064380cfc5ece2f26e48d50f0df7ba090395f2a542e6003de898f52a054e2cd7445369be010e3327135c80cd27c27fd
SSDEEP

12288:A8EQoSMFqGQPqeR5N95pHRthl81SUXQPtixL6neOrBAudfS1t4olbm7GZ5H:A8wQiejFpxtfH7FixOrBXdfEjo81

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 15 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3280-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x0007000000023423-5.dat	upx
behavioral2/memory/1860-38-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1004-155-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4292-156-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2312-171-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4760-172-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1852-185-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4548-188-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1860-187-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3280-186-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1084-184-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4964-190-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1004-189-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2372-193-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2172-192-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4292-191-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3280-194-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4760-197-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4868-198-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4736-202-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5016-204-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1852-203-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1084-201-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4044-200-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3592-199-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4944-196-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2312-195-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4384-207-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4744-205-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4548-206-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4216-210-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4540-212-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2372-211-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1592-214-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4944-213-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4832-209-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4964-208-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4184-221-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1856-222-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4920-226-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1768-225-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2264-224-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4044-223-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1368-220-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4084-219-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3932-218-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/212-231-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4936-230-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5016-229-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4476-228-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4736-227-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5556-233-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3648-232-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4816-234-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4216-236-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4832-235-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1656-243-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4540-242-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5764-245-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4212-248-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5704-250-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1856-249-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4184-247-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\french horse hardcore hidden ash lady .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian fucking horse [free] hole redhair .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian kicking beast big latex .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese lesbian porn several models boobs sm .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish fucking full movie mistress .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\cum catfight vagina lady (Sarah,Sandy).avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german blowjob uncut ¼ë .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fetish bukkake uncut vagina (Jenna).rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia beastiality voyeur young .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\action xxx masturbation nipples gorgeoushorny (Kathrin).mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\nude action masturbation legs high heels .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian porn [free] shoes .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian action beast uncut legs penetration (Kathrin).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\trambling animal [free] legs young .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\gang bang blowjob hidden boobs fishy .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\norwegian action cum hot (!) cock wifey .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\african gang bang hot (!) femdom .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\african kicking big 40+ (Christine,Kathrin).rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black lesbian masturbation legs beautyfull .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fucking beast hidden ejaculation (Ashley).rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian cumshot [bangbus] .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish bukkake [free] vagina sweet (Ashley,Samantha).mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\gay catfight boobs (Sylvia,Janette).zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\african bukkake hidden hole circumcision .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian lingerie [bangbus] .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\chinese fucking xxx uncut .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american beastiality blowjob [milf] .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\action big .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\malaysia handjob several models nipples hairy .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse horse lesbian hotel .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\spanish trambling big high heels .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\italian porn lesbian big .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\japanese cum catfight (Anniston).mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish beastiality lesbian vagina girly .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\british sperm sperm licking (Liz).mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\french porn public .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\tyrkish action fucking several models titts .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\spanish fetish [free] fishy (Christine,Sarah).mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\handjob beast several models hairy .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\gang bang blowjob hot (!) gorgeoushorny .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\russian sperm [free] ash young .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\japanese sperm uncut boots (Sandy,Sandy).rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\kicking sperm sleeping hole high heels .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\fetish catfight .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\african horse lingerie several models feet bondage .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish action hidden hole .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\russian gang bang catfight swallow .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cumshot kicking uncut hairy .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\russian handjob xxx catfight nipples boots .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\american horse action hot (!) 50+ .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\fetish bukkake licking .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\fucking blowjob sleeping legs .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\african cumshot hardcore [milf] vagina (Jade,Kathrin).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\brasilian bukkake nude public .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\british horse xxx lesbian .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\horse licking cock (Jade).mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\beast several models (Gina,Ashley).rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\brasilian cumshot cumshot sleeping .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\french porn blowjob catfight .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\lingerie xxx full movie shower .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\british handjob full movie nipples 50+ (Curtney,Janette).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\beast girls .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake uncut ash sm (Anniston,Kathrin).rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\porn voyeur .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\british nude gang bang girls young (Jenna).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\xxx public .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\chinese hardcore sleeping pregnant .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\horse kicking uncut (Sylvia,Sarah).rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\action sleeping cock ejaculation .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\spanish porn action sleeping vagina femdom .mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\sperm lingerie several models gorgeoushorny (Sandy).avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\brasilian cumshot hot (!) ash femdom (Sylvia).zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\indian lingerie [milf] (Kathrin,Ashley).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\british lingerie cumshot lesbian (Liz).zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\japanese blowjob bukkake full movie sweet .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\malaysia animal [bangbus] feet young (Gina,Curtney).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\beastiality uncut gorgeoushorny (Melissa,Gina).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\canadian sperm fucking sleeping .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\action fetish big redhair (Tatjana,Gina).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\beast licking .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lesbian girls (Liz,Karin).mpeg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\american blowjob masturbation titts latex .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\spanish beast horse voyeur .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\action action big balls .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\russian xxx girls glans (Sonja).mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\lesbian cumshot catfight femdom .rar.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\xxx horse big .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\spanish horse lingerie uncut legs black hairunshaved .avi.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\danish cum gay uncut (Janette).zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\black animal [free] gorgeoushorny .zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\french beastiality uncut vagina stockings (Sonja).zip.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\chinese gang bang hardcore several models .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\trambling catfight YEâPSè& .mpg.exe	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4868	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4868	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3592	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3592	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1084	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1084	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1852	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1852	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4744	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4744	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4548	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4548	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4384	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4384	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4964	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4964	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2172	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2172	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2372	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
2372	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4868	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
4868	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3592	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
3592	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 1860	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	87
PID 3280 wrote to memory of 1860	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	87
PID 3280 wrote to memory of 1860	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	87
PID 1860 wrote to memory of 1004	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	89
PID 1860 wrote to memory of 1004	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	89
PID 1860 wrote to memory of 1004	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	89
PID 3280 wrote to memory of 4292	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	90
PID 3280 wrote to memory of 4292	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	90
PID 3280 wrote to memory of 4292	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	90
PID 1004 wrote to memory of 2312	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	91
PID 1004 wrote to memory of 2312	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	91
PID 1004 wrote to memory of 2312	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	91
PID 3280 wrote to memory of 4760	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	92
PID 3280 wrote to memory of 4760	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	92
PID 3280 wrote to memory of 4760	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	92
PID 1860 wrote to memory of 4868	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	93
PID 1860 wrote to memory of 4868	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	93
PID 1860 wrote to memory of 4868	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	93
PID 4292 wrote to memory of 3592	4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	94
PID 4292 wrote to memory of 3592	4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	94
PID 4292 wrote to memory of 3592	4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	94
PID 1004 wrote to memory of 1084	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	95
PID 1004 wrote to memory of 1084	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	95
PID 1004 wrote to memory of 1084	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	95
PID 3280 wrote to memory of 1852	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	96
PID 3280 wrote to memory of 1852	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	96
PID 3280 wrote to memory of 1852	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	96
PID 2312 wrote to memory of 4744	2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	97
PID 2312 wrote to memory of 4744	2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	97
PID 2312 wrote to memory of 4744	2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	97
PID 1860 wrote to memory of 4548	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	98
PID 1860 wrote to memory of 4548	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	98
PID 1860 wrote to memory of 4548	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	98
PID 4760 wrote to memory of 4384	4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	99
PID 4760 wrote to memory of 4384	4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	99
PID 4760 wrote to memory of 4384	4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	99
PID 4292 wrote to memory of 4964	4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	100
PID 4292 wrote to memory of 4964	4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	100
PID 4292 wrote to memory of 4964	4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	100
PID 4868 wrote to memory of 2172	4868	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	101
PID 4868 wrote to memory of 2172	4868	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	101
PID 4868 wrote to memory of 2172	4868	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	101
PID 3592 wrote to memory of 2372	3592	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	102
PID 3592 wrote to memory of 2372	3592	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	102
PID 3592 wrote to memory of 2372	3592	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	102
PID 3280 wrote to memory of 1592	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	103
PID 3280 wrote to memory of 1592	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	103
PID 3280 wrote to memory of 1592	3280	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	103
PID 1004 wrote to memory of 4944	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	104
PID 1004 wrote to memory of 4944	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	104
PID 1004 wrote to memory of 4944	1004	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	104
PID 2312 wrote to memory of 4084	2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	106
PID 2312 wrote to memory of 4084	2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	106
PID 2312 wrote to memory of 4084	2312	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	106
PID 1084 wrote to memory of 4044	1084	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	107
PID 1084 wrote to memory of 4044	1084	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	107
PID 1084 wrote to memory of 4044	1084	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	107
PID 1860 wrote to memory of 3932	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	105
PID 1860 wrote to memory of 3932	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	105
PID 1860 wrote to memory of 3932	1860	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	105
PID 4760 wrote to memory of 4736	4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	108
PID 4760 wrote to memory of 4736	4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	108
PID 4760 wrote to memory of 4736	4760	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	108
PID 4292 wrote to memory of 4476	4292	3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        8⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        8⤵
        
        PID:20352
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        8⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20248
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        8⤵
        
        PID:20272
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20160
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20344
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17800
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20264
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20216
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20224
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16460
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20136
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20520
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19352
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20328
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:15860
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19364
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20320
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20256
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20184
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20312
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16260
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18132
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16052
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16020
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:17552
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:18140
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:10980
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:12364
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:16180
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4292
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20240
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:812
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20192
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20208
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20336
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16220
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20152
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18092
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20200
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16124
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:15596
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20168
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16012
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:9568
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:14544
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4760
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20176
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20304
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17620
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16076
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15852
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20288
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:15980
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16044
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16860
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:20280
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:12656
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:16084
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20296
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:15588
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20232
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18076
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:15824
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:18124
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:18376
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:12608
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:16060
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:16276
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:18084
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:18116
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
      4⤵
      PID:3724
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:12356
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:1876
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:10396
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:12268
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:14280
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  PID:6464
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:5476
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  PID:8064
- - C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
    3⤵
    PID:17976
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  PID:11232
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  PID:12260
- C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3db93ba9a04d6aa506bab3f6b89d55f0_NeikiAnalytics.exe"
  2⤵
  PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian action beast uncut legs penetration (Kathrin).mpeg.exe

Filesize
856KB

MD5
8affe2de85feb2762e783f4d51b9727a

SHA1
2b04b25e69d794551ff1a68b93298df190dc0918

SHA256
c3e2f93ce6c704b262cac821c417b7503bb6955d03886d0326b321cc1168e9f4

SHA512
1b046eaff2dd256c3f60493f4c3afea2ce4e9e493fbccc8bc450a856d062cd168fb46e35e1226b6bdafa0a624efd3ce71e7a7736ff45452fde92983d9c525943

Download Submit
memory/212-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/212-274-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/380-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/548-279-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1004-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1004-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1084-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1084-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1228-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1368-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1368-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1592-214-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1656-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1768-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1768-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1852-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1852-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1856-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1856-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1860-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1860-38-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2172-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2264-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2312-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2312-171-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2488-267-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2688-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2728-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2856-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3016-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3116-268-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3280-308-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3280-402-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3280-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3280-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3280-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3332-273-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3492-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3592-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3648-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3892-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3932-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4044-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4044-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4084-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4184-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4184-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4212-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4216-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4216-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4292-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4292-156-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4384-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4476-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4540-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4540-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4548-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4548-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4736-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4736-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4744-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4760-172-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4760-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4816-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4828-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4832-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4832-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4868-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4920-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4920-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4936-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4944-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4944-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4964-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4964-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5016-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5016-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5172-269-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5252-271-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5264-270-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5556-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5556-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5584-276-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5660-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5676-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5704-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5720-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5728-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5736-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5764-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5832-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6020-275-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6100-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6112-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6136-272-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6464-280-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6484-281-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download