7459c1fe556ae3cf94a373eaf2b0dfe9dab591beb8bd81dd629a0c3233b01e97

Analysis

max time kernel
13s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Size

825KB
MD5

3dd828410c92c4ec67da93e962235990
SHA1

abe5f839108d4e2bc71fec604565f772f1561535
SHA256

7459c1fe556ae3cf94a373eaf2b0dfe9dab591beb8bd81dd629a0c3233b01e97
SHA512

b4d58879256e13b693f501e6c110cee081a07ee9b9c30c5af0c14af65fa66eb4c5737092941f7312c3033794a33f09f5284e86580257f212070d57f5d9274974
SSDEEP

24576:lq8YZLd6ao4fnOM+whYZZ7wkj0x8LOuRJoJBNR:/jOPhYTUkLiuRqz

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\X:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\A:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\J:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\L:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\O:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\S:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\B:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\M:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\N:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\U:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\W:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\E:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\G:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\I:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\K:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\R:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\H:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\P:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\T:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\cum lesbian upskirt .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black animal lesbian beautyfull .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\nude [bangbus] titts ash (Liz,Anniston).zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum fetish public .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish sperm hidden bondage (Sandy).mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling cum catfight shoes .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian gay gay sleeping nipples .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal cumshot [milf] cock (Sarah).zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking hardcore full movie .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian fetish horse voyeur black hairunshaved .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish animal girls hairy (Sonja,Gina).rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore blowjob hot (!) balls (Sonja).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\malaysia gang bang big vagina lady .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude big shoes (Sylvia,Britney).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\trambling xxx voyeur granny (Sonja).rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob big (Sonja,Sonja).avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\nude full movie .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia trambling gay public .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish hardcore several models (Ashley,Samantha).rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\norwegian trambling [free] (Sandy,Samantha).avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beastiality fetish hot (!) upskirt .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\xxx licking .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\french cumshot masturbation boobs castration .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\blowjob catfight .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lingerie xxx [bangbus] ¼ë (Anniston).avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse full movie legs traffic .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese trambling masturbation legs .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\cum cum [milf] legs (Sonja).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian [free] pregnant .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian xxx [free] (Melissa).zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\animal girls legs hairy (Sonja,Gina).zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\lingerie lingerie licking young (Ashley,Jenna).mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\swedish horse big ash fishy .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\brasilian lingerie catfight balls (Jade).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\italian fucking masturbation titts fishy .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\german fetish big fishy .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american gay girls boots .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\handjob nude licking .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\swedish xxx cum masturbation titts .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\canadian lingerie blowjob [free] beautyfull (Sandy).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\black cum hot (!) glans .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast cumshot hot (!) ash blondie (Melissa,Gina).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\german cum uncut nipples (Sarah).rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\indian beast uncut gorgeoushorny .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\trambling [bangbus] bedroom .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\porn public 50+ .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\norwegian animal hot (!) pregnant .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian bukkake sleeping swallow .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\japanese beast cumshot [milf] nipples (Sandy,Gina).zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\malaysia kicking porn girls bedroom (Sylvia).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\asian xxx xxx several models hole mistress .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\spanish gay gay [free] shoes .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\cumshot [bangbus] circumcision .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\japanese cum [bangbus] .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\chinese lesbian cum lesbian legs (Melissa,Liz).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\german lesbian horse full movie femdom .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\cumshot trambling uncut titts sm .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\beastiality big sweet (Sonja,Karin).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cum several models shoes (Tatjana).mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\xxx several models boobs balls .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\asian lingerie [free] vagina mature .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\british hardcore fetish [bangbus] (Jenna).zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian action lesbian .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\action beastiality lesbian .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\german cum big .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\canadian horse lesbian vagina .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\asian blowjob voyeur hole latex (Samantha,Sandy).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\indian horse action sleeping gorgeoushorny .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\chinese xxx trambling lesbian legs granny .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\asian beast gang bang [free] hole wifey .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\cumshot full movie cock 50+ .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\sperm fucking girls shoes .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\gay full movie hairy (Sarah).avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\beastiality big shoes .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\blowjob uncut legs 40+ .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\french cumshot sleeping .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african beastiality blowjob girls titts .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\malaysia gay [free] sweet .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\horse sperm [milf] nipples femdom (Jenna).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\malaysia hardcore kicking catfight bedroom .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\black kicking full movie .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish beastiality gang bang uncut glans lady .mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\gang bang gay public circumcision (Sandy).avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\russian horse public (Christine).mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\chinese gang bang fetish catfight cock leather .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\xxx sleeping stockings .avi.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african bukkake sleeping nipples 40+ .zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\blowjob lesbian hole .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\kicking voyeur sweet .rar.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\british fetish lingerie [milf] shoes (Sandy).zip.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\fucking cum [free] (Anniston).mpg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\xxx blowjob catfight pregnant .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\british horse several models redhair .mpeg.exe	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4704	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4704	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3228	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3504	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3228	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3504	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4588	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4588	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4460	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4460	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2148	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2148	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
804	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
804	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4392	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4392	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
3336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4704	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
4704	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2180	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
2180	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 388	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	86
PID 3196 wrote to memory of 388	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	86
PID 3196 wrote to memory of 388	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	86
PID 388 wrote to memory of 1388	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	88
PID 388 wrote to memory of 1388	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	88
PID 388 wrote to memory of 1388	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	88
PID 3196 wrote to memory of 1660	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	89
PID 3196 wrote to memory of 1660	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	89
PID 3196 wrote to memory of 1660	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	89
PID 388 wrote to memory of 2844	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	90
PID 388 wrote to memory of 2844	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	90
PID 388 wrote to memory of 2844	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	90
PID 1388 wrote to memory of 1000	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	91
PID 1388 wrote to memory of 1000	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	91
PID 1388 wrote to memory of 1000	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	91
PID 3196 wrote to memory of 3336	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	92
PID 3196 wrote to memory of 3336	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	92
PID 3196 wrote to memory of 3336	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	92
PID 1660 wrote to memory of 4704	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	93
PID 1660 wrote to memory of 4704	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	93
PID 1660 wrote to memory of 4704	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	93
PID 1388 wrote to memory of 4336	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	94
PID 1388 wrote to memory of 4336	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	94
PID 1388 wrote to memory of 4336	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	94
PID 388 wrote to memory of 3504	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	95
PID 388 wrote to memory of 3504	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	95
PID 388 wrote to memory of 3504	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	95
PID 3196 wrote to memory of 3228	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	96
PID 3196 wrote to memory of 3228	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	96
PID 3196 wrote to memory of 3228	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	96
PID 2844 wrote to memory of 4588	2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	97
PID 2844 wrote to memory of 4588	2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	97
PID 2844 wrote to memory of 4588	2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	97
PID 1660 wrote to memory of 4460	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	98
PID 1660 wrote to memory of 4460	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	98
PID 1660 wrote to memory of 4460	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	98
PID 1000 wrote to memory of 2148	1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	99
PID 1000 wrote to memory of 2148	1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	99
PID 1000 wrote to memory of 2148	1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	99
PID 3336 wrote to memory of 804	3336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	100
PID 3336 wrote to memory of 804	3336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	100
PID 3336 wrote to memory of 804	3336	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	100
PID 4704 wrote to memory of 4392	4704	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	101
PID 4704 wrote to memory of 4392	4704	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	101
PID 4704 wrote to memory of 4392	4704	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	101
PID 1388 wrote to memory of 2180	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	102
PID 1388 wrote to memory of 2180	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	102
PID 1388 wrote to memory of 2180	1388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	102
PID 388 wrote to memory of 1904	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	103
PID 388 wrote to memory of 1904	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	103
PID 388 wrote to memory of 1904	388	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	103
PID 3196 wrote to memory of 4872	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	104
PID 3196 wrote to memory of 4872	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	104
PID 3196 wrote to memory of 4872	3196	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	104
PID 1660 wrote to memory of 5096	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	105
PID 1660 wrote to memory of 5096	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	105
PID 1660 wrote to memory of 5096	1660	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	105
PID 2844 wrote to memory of 1392	2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	106
PID 2844 wrote to memory of 1392	2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	106
PID 2844 wrote to memory of 1392	2844	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	106
PID 1000 wrote to memory of 4480	1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	107
PID 1000 wrote to memory of 4480	1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	107
PID 1000 wrote to memory of 4480	1000	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	107
PID 3228 wrote to memory of 4632	3228	3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe	108

C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        9⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18756
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        9⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:212
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18732
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12348
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18388
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18748
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18308
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18772
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:16340
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:18364
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:18656
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:19016
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:16380
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:16436
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:10904
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:12228
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:18324
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18428
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:19048
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:18648
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15944
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:18740
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:18724
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:16324
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12788
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:19008
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:10020
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:11032
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:18276
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3336
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        7⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:19028
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:15740
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:18396
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:18356
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:10816
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:12100
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:15732
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3228
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
        5⤵
        
        PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:18380
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:9436
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:18420
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  PID:4872
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:15936
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:10036
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:12028
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:15624
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  PID:5104
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
      4⤵
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:12356
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:18764
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  PID:6600
- - C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
    3⤵
    PID:18340
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  PID:9640
- C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3dd828410c92c4ec67da93e962235990_NeikiAnalytics.exe"
  2⤵
  PID:17080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude big shoes (Sylvia,Britney).mpg.exe

Filesize
1.2MB

MD5
469b7d7c9ac06743b9ef1cc75ca425ed

SHA1
8dde3d588801738dfa9d785722c17d7f615538df

SHA256
70194af285e484796467f18a964f48b056bc2046b5cf29118ea5f41360e93471

SHA512
bf6908ad90c22208c89b66109137940909bfedf7aff148df93817d9e06ced74d68ff3d9e3d8ae64463e355ec140203f446d2aea8d931bb932d93dac66d706a69

Download Submit
memory/388-80-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/404-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/760-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/804-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1000-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1000-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1388-166-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1392-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1508-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1508-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1660-167-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1660-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1844-254-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1844-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1896-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1904-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1904-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1968-214-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2040-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2040-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2148-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2180-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2200-272-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2224-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2320-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2488-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2488-215-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2508-273-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2844-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2864-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3048-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3048-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3104-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3196-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3196-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3196-286-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3196-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3228-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3228-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3336-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3336-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3436-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3436-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3440-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3504-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3504-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4176-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4176-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4336-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4336-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4376-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4376-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4392-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4392-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4412-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4460-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4460-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4480-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4484-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4588-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4588-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4600-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4624-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4624-275-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4632-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4704-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4872-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4872-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4932-276-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5076-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5076-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5096-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5104-285-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5104-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5508-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5516-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5604-274-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5644-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5652-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5676-267-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5684-268-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5724-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5820-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5860-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5868-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6020-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6064-269-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6068-270-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6080-271-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6136-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6472-294-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6476-287-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6488-288-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6496-291-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6504-289-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6512-292-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6520-293-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6552-290-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download