6c9e3076f90a604c3b90031f0c893c9f0c1907cdfbea1530999b15ff76bb3c4d

Analysis

max time kernel
14s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Size

2.1MB
MD5

72ee82270f99466f4600a668a4cae7d0
SHA1

ecee8457ecd1c620e3528c67ca2794deb291e9b2
SHA256

6c9e3076f90a604c3b90031f0c893c9f0c1907cdfbea1530999b15ff76bb3c4d
SHA512

537f0dab765d5c91c6ee39d84b3442391c0f2551ff356fbee38cca700dc23f7653bae9896ae409d2304972e157c86186d5249ad9fb143cbd673b96f311e1e5bc
SSDEEP

49152:sm56as8dQTxLpJNPc9tMpUVXzS4kPJMV620rd+hL7GfKOY1:sezsQQTLPmokS9PuVcCLIO1

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4128-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x000900000002341c-5.dat	upx
behavioral2/memory/4484-21-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1248-154-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5076-155-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2412-182-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4196-183-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1580-184-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2400-185-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4140-186-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4128-187-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4004-189-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4484-188-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1248-190-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5076-191-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2412-192-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3516-194-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4196-196-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5016-198-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1580-197-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2400-199-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4576-200-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5060-202-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4140-201-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2024-195-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4004-204-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2376-203-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1780-205-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2404-209-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/228-208-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2024-207-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4032-206-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5096-210-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1356-212-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3040-218-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3652-217-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5068-216-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3640-215-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4576-214-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2840-213-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5108-224-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1656-223-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3256-222-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1832-221-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1396-220-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3972-219-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5528-227-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5544-228-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5628-229-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5680-230-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5696-232-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2404-234-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/228-233-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5688-231-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5868-235-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3972-238-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2840-237-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1356-236-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3652-242-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3544-239-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6072-248-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1656-247-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4040-256-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6092-252-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\russian porn beast several models cock traffic .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black beastiality bukkake big hole .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling girls lady .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob [bangbus] feet .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie [bangbus] titts (Gina,Curtney).mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black porn bukkake several models 50+ .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian fetish xxx full movie .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\hardcore girls (Samantha).mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore public cock .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\danish cumshot horse [milf] 50+ .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay sleeping cock high heels .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm uncut feet balls .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish kicking fucking hot (!) hole (Jenna,Samantha).zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\hardcore lesbian fishy .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob hot (!) titts .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\fucking sleeping granny .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\brasilian cumshot bukkake hot (!) .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\black nude gay hot (!) .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast [free] blondie .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian action lingerie catfight sweet .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian gang bang lingerie hidden glans .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian action hardcore voyeur YEâPSè& .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american gang bang blowjob sleeping titts .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse catfight hairy .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\blowjob girls Ôï .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black horse trambling lesbian glans (Christine,Melissa).mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian nude fucking sleeping titts .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish fetish trambling lesbian .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish gang bang sperm [free] (Tatjana).zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american gang bang blowjob full movie wifey .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\tmp\blowjob [milf] hole .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\gay full movie mistress .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\blowjob lesbian glans redhair .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\italian porn gay full movie .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\german lesbian [milf] bondage .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\danish nude trambling [free] traffic .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\brasilian cum gay uncut titts shoes (Liz).zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\swedish action xxx full movie titts lady (Samantha).rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\malaysia bukkake masturbation feet .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black porn xxx full movie cock .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\russian kicking fucking several models hotel (Jenna,Janette).rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\cumshot horse licking swallow (Jenna,Jade).zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese fetish trambling [bangbus] cock ash (Sarah).rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\bukkake sleeping hole 50+ .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american cumshot trambling catfight .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\chinese blowjob hot (!) hole .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\canadian horse lesbian cock latex .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish cumshot horse sleeping high heels .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\fetish lingerie voyeur (Karin).mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\swedish cum bukkake catfight .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cumshot lingerie girls redhair .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\british fucking several models titts traffic .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\asian xxx uncut titts hairy (Melissa).mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american beastiality bukkake uncut leather .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\indian horse lesbian [free] pregnant .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\american horse trambling full movie cock sweet .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking licking girly .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\indian handjob trambling uncut .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\nude hardcore [free] bondage .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian porn blowjob lesbian feet young (Melissa).zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\tyrkish horse sperm [bangbus] .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\gang bang lingerie lesbian wifey .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\horse public titts .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\cumshot trambling [milf] .rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\trambling [milf] cock .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\norwegian horse big cock shoes .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\trambling sleeping .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\blowjob lesbian hole (Anniston,Melissa).rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\brasilian fetish fucking public YEâPSè& (Ashley,Jade).mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\asian xxx masturbation castration .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\horse sperm [free] blondie .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\german blowjob [free] .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\british hardcore public cock femdom (Jade).mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\trambling several models .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\indian gang bang trambling [free] (Curtney).mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\gay voyeur hole castration .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\blowjob full movie leather .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\italian cum blowjob girls sweet .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian beastiality xxx licking shower .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\italian horse lingerie licking hole boots .mpeg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\danish handjob fucking voyeur young (Christine,Karin).zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse sleeping titts .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fucking voyeur (Liz).rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian horse sperm licking ash .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\sperm catfight pregnant .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\spanish blowjob voyeur sweet .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\british gay lesbian feet circumcision .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\handjob lesbian masturbation feet .mpg.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang hardcore licking hairy (Kathrin,Sarah).avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american animal bukkake public hole high heels .zip.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\kicking blowjob [free] swallow .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\tyrkish nude sperm [free] .avi.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\japanese cum horse masturbation cock upskirt (Liz).rar.exe	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4196	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4196	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1580	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1580	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2400	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2400	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4140	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4140	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4360	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4360	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4004	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4004	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3260	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3260	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3048	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3048	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4400	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4400	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2068	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2068	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4196	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4196	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1580	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
1580	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
2024	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
4404	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4484	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	87
PID 4128 wrote to memory of 4484	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	87
PID 4128 wrote to memory of 4484	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	87
PID 4484 wrote to memory of 1248	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	88
PID 4484 wrote to memory of 1248	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	88
PID 4484 wrote to memory of 1248	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	88
PID 4128 wrote to memory of 5076	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	89
PID 4128 wrote to memory of 5076	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	89
PID 4128 wrote to memory of 5076	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	89
PID 4484 wrote to memory of 2412	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	90
PID 4484 wrote to memory of 2412	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	90
PID 4484 wrote to memory of 2412	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	90
PID 1248 wrote to memory of 3516	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	91
PID 1248 wrote to memory of 3516	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	91
PID 1248 wrote to memory of 3516	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	91
PID 4128 wrote to memory of 4196	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	92
PID 4128 wrote to memory of 4196	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	92
PID 4128 wrote to memory of 4196	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	92
PID 5076 wrote to memory of 1580	5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	93
PID 5076 wrote to memory of 1580	5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	93
PID 5076 wrote to memory of 1580	5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	93
PID 4484 wrote to memory of 2400	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	94
PID 4484 wrote to memory of 2400	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	94
PID 4484 wrote to memory of 2400	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	94
PID 1248 wrote to memory of 4140	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	95
PID 1248 wrote to memory of 4140	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	95
PID 1248 wrote to memory of 4140	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	95
PID 2412 wrote to memory of 4360	2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	96
PID 2412 wrote to memory of 4360	2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	96
PID 2412 wrote to memory of 4360	2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	96
PID 4128 wrote to memory of 3260	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	97
PID 4128 wrote to memory of 3260	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	97
PID 4128 wrote to memory of 3260	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	97
PID 3516 wrote to memory of 4004	3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	98
PID 3516 wrote to memory of 4004	3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	98
PID 3516 wrote to memory of 4004	3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	98
PID 5076 wrote to memory of 3048	5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	99
PID 5076 wrote to memory of 3048	5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	99
PID 5076 wrote to memory of 3048	5076	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	99
PID 4196 wrote to memory of 4400	4196	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	100
PID 4196 wrote to memory of 4400	4196	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	100
PID 4196 wrote to memory of 4400	4196	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	100
PID 1580 wrote to memory of 2068	1580	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	101
PID 1580 wrote to memory of 2068	1580	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	101
PID 1580 wrote to memory of 2068	1580	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	101
PID 2400 wrote to memory of 4404	2400	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	102
PID 2400 wrote to memory of 4404	2400	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	102
PID 2400 wrote to memory of 4404	2400	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	102
PID 4484 wrote to memory of 2024	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	103
PID 4484 wrote to memory of 2024	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	103
PID 4484 wrote to memory of 2024	4484	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	103
PID 1248 wrote to memory of 4652	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	104
PID 1248 wrote to memory of 4652	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	104
PID 1248 wrote to memory of 4652	1248	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	104
PID 4128 wrote to memory of 5016	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	105
PID 4128 wrote to memory of 5016	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	105
PID 4128 wrote to memory of 5016	4128	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	105
PID 3516 wrote to memory of 4576	3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	106
PID 3516 wrote to memory of 4576	3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	106
PID 3516 wrote to memory of 4576	3516	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	106
PID 2412 wrote to memory of 4676	2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	107
PID 2412 wrote to memory of 4676	2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	107
PID 2412 wrote to memory of 4676	2412	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	107
PID 4140 wrote to memory of 5060	4140	72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe	108

C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4484
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        9⤵
        
        PID:25408
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:19032
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:20876
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:18808
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:20900
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:25236
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:18792
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19616
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:23784
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:23796
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19056
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19072
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:18984
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20712
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20916
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20988
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21992
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:19344
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:25228
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19144
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:25392
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20700
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:18976
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20892
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20616
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21824
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20932
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19024
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19624
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:25376
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:19080
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20956
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20576
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21236
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:24292
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18960
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:20396
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:18840
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20868
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19120
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:21656
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20964
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18856
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:22176
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:24548
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:25220
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19088
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21128
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22412
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21220
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20372
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:25260
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:19160
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:25384
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:25204
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19376
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20940
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:25196
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21700
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21136
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21008
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:24572
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:19104
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20980
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:17800
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:11828
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:25212
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22124
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:24284
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22436
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20972
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18760
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22420
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18872
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:24564
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:20380
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:19596
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:14172
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:18816
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5076
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:25368
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        8⤵
        
        PID:21716
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:21228
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20412
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:19048
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:20692
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21316
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19152
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21800
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:25252
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:18848
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19640
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21816
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:24556
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18912
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20600
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20996
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20560
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8564
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:24768
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:24492
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:19008
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20908
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18776
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20388
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20608
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21004
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18968
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21684
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18880
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18800
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22628
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18928
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20948
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20676
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18720
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:21244
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:25244
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:20584
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:14568
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:18888
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4196
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        7⤵
        
        PID:21808
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:20592
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:21112
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:19040
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20884
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14488
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:25188
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:18896
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21692
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:26492
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:8528
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20364
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20568
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14512
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18864
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:19064
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:15220
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:20860
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:25400
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:14280
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:19136
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        6⤵
        
        PID:22136
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:21308
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:24776
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18832
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:22428
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
        5⤵
        
        PID:20404
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18824
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:19368
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:19016
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:25360
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:14448
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:18904
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  PID:5016
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:18768
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:20924
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:21676
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:14576
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:18952
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  PID:3652
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
      4⤵
      PID:21212
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:10292
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:14424
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:8348
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  PID:6400
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:15116
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:3080
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  PID:8448
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:17216
- - C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
    3⤵
    PID:22860
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  PID:10212
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  PID:14536
- C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72ee82270f99466f4600a668a4cae7d0_NeikiAnalytics.exe"
  2⤵
  PID:8404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish gang bang sperm [free] (Tatjana).zip.exe

Filesize
1.2MB

MD5
59e31d64a67b2f810d6b562477ade9e4

SHA1
eacdefa41b6f2d22b44bca8c2f59ca4bd415efc1

SHA256
dbbc17d7892aac6d6b6db57744038bbfd5d08e2d2b741398c620146359effabb

SHA512
68982c2bb53028a8ac46958885dcf5f50cfffbfd7ad9a4fdfde17d1b6035fb27b4981d86d342d2a9d8a6d8def31b6348467947b8ccbd76db0f4271f0883c2eb5

Download Submit
C:\debug.txt

Filesize
146B

MD5
806c404dccc4fb8fe8b79f528dea84f6

SHA1
172cf42de66b28453d31f53e1c333066ff9d88c9

SHA256
65b38cd9764e88bae1279b89e2c36953274399db2df5468e589ccd8513b10e2b

SHA512
2cd4f7840d19844afca94aa00adbe5875dd7aad73721f4c42c3e5c6f10b23035067399ef2927ced82dc23c8fe175a27d2a6bc737aeb30d776d2a7e3ae73bb75a

Download Submit
memory/228-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/228-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1248-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1248-154-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1356-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1356-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1396-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1396-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1580-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1580-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1656-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1656-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1664-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1780-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1832-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1832-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2024-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2024-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2376-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2400-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2400-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2404-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2404-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2412-182-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2412-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2840-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2840-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3040-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3040-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3256-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3256-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3296-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3516-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3544-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3640-215-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3640-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3652-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3652-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3972-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3972-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4004-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4004-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4032-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4040-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4128-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4128-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4140-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4140-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4196-183-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4196-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4484-21-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4484-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4576-214-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4576-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5016-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5060-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5068-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5068-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5076-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5076-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5096-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5108-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5108-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5528-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5528-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5544-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5544-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5628-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5628-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5680-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5680-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5688-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5688-267-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5696-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5696-268-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5772-269-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5868-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5876-272-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5944-274-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6040-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6064-251-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6072-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6092-286-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6092-252-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6112-289-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6120-288-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6380-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6392-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6612-270-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6640-271-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6752-273-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6872-275-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7000-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7036-283-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7160-287-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download