6411bb2688caeea96558024095ea5790bd7880ae03f07d8475ededfddfce281e

Analysis

max time kernel
16s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Size

265KB
MD5

7495737e0bbe2fceb92735ff0c753ed0
SHA1

440c18374d426781f0358ce85ed4feb520a4b467
SHA256

6411bb2688caeea96558024095ea5790bd7880ae03f07d8475ededfddfce281e
SHA512

f4a8d0ee235ebc315cf7878924383e0885944efcc7d12b7e0355d6716dab233668383f8f4270dbf1a05fa27291b70e649b4292df382ba381aaeb55cedbb92015
SSDEEP

6144:NPDLCL+Io5R4nM/4eXghQQ+pbOe32Nbol3y8ZwTirt8r9xZMf:NPKLyqGXghQJbOec8l3y8Z268BnMf

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3244-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x000c000000023388-5.dat	upx
behavioral2/memory/624-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1732-150-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1608-149-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4668-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/412-178-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2780-177-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4672-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4168-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4340-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3792-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5036-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4216-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2304-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3244-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3676-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3868-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1732-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1608-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/624-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3608-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4668-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/412-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2780-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1264-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4672-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3068-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4168-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3792-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/856-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2844-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5036-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3584-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5196-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3340-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4340-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5284-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5276-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4216-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5568-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5552-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3768-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5528-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4996-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5560-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2844-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1264-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3608-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5520-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5468-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5512-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5504-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5496-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5488-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1524-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6204-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6196-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5284-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5276-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6276-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6312-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6412-250-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6336-253-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\beastiality trambling uncut titts .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie girls pregnant .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish cum horse masturbation glans traffic .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian porn trambling public castration .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\gay sleeping cock boots (Melissa).avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm full movie feet 40+ .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese beastiality horse public hole (Gina,Janette).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american action hardcore [milf] (Karin).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian handjob xxx [free] (Karin).mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish horse xxx girls penetration .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian horse blowjob several models (Sarah).avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx girls leather .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\brasilian cum gay public (Liz).avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gay licking feet lady .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx sleeping granny .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian handjob blowjob several models titts .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese action fucking [bangbus] cock girly .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx girls feet .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie voyeur titts hotel .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian animal lingerie big .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian action fucking [bangbus] (Jade).zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\italian cum gay lesbian feet stockings .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\swedish animal lesbian hidden cock redhair (Jade).avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\horse big black hairunshaved (Gina,Samantha).zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\beast lesbian shoes .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\lingerie lesbian hole pregnant .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian lingerie voyeur glans shower .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian gang bang lesbian public leather .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\lesbian sleeping 40+ (Kathrin,Samantha).avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\indian action horse girls black hairunshaved .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\trambling voyeur glans ash (Curtney).zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\norwegian xxx girls balls (Sonja,Karin).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\canadian lingerie catfight titts leather .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\black animal gay hot (!) cock granny .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\gang bang sperm masturbation hole circumcision (Karin).avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\norwegian lingerie voyeur .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\norwegian bukkake girls glans 50+ (Jade).mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\italian animal fucking [free] glans hairy (Tatjana).mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\beast [free] hole (Jenna,Melissa).mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\handjob lingerie public .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\norwegian hardcore [bangbus] feet young .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\black kicking fucking full movie .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\nude beast hot (!) glans sm (Janette).mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\british xxx hot (!) boots .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\gang bang fucking [bangbus] stockings .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\fucking full movie (Curtney).avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob hidden 40+ .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\action xxx lesbian glans hairy .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\fucking uncut black hairunshaved .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\brasilian porn sperm masturbation traffic (Sonja,Sarah).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\japanese fetish lesbian several models hole .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\handjob blowjob hot (!) .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\sperm sleeping .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\french beast licking glans boots .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\chinese lesbian girls sm .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black cumshot horse full movie swallow .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\kicking beast masturbation glans redhair .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\horse lesbian [milf] cock boots (Melissa).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\tyrkish horse beast [bangbus] glans hotel .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish porn horse hot (!) circumcision .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black fetish bukkake several models hole .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\nude lingerie [milf] cock shoes (Tatjana).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\fetish sperm uncut hole latex (Janette).zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\animal horse hot (!) boots .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\german beast uncut feet hairy .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian xxx [milf] cock .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\malaysia gay public .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\porn lesbian public shower .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lingerie big blondie .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\malaysia gay hot (!) (Tatjana).mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\xxx full movie gorgeoushorny .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\russian kicking trambling lesbian feet .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\malaysia gay hidden (Sylvia).mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\italian horse trambling several models titts shoes .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\american gang bang horse lesbian latex .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian cumshot beast catfight hole .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\fetish trambling catfight fishy .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\african fucking [bangbus] (Sylvia).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob hidden penetration .mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\trambling big (Sylvia).zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\black horse gay hot (!) hole shoes (Samantha).rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\brasilian gang bang trambling full movie .rar.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\handjob horse uncut 40+ (Gina,Tatjana).mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\blowjob several models cock (Sandy,Sarah).mpeg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\nude hardcore full movie glans .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\horse fucking [free] titts swallow (Samantha).mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african lingerie several models (Samantha).mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\russian fetish blowjob girls (Melissa).zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\indian kicking sperm masturbation bedroom .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\animal bukkake masturbation titts .avi.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\blowjob uncut titts YEâPSè& (Liz).mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\tyrkish handjob xxx lesbian lady .zip.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian nude lesbian girls cock .mpg.exe	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
412	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
412	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4672	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4672	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
5036	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
5036	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4168	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4168	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3792	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3792	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4340	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4340	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3340	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3340	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4216	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
4216	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
2304	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
2304	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
412	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
412	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3676	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
3676	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 624	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	88
PID 3244 wrote to memory of 624	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	88
PID 3244 wrote to memory of 624	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	88
PID 624 wrote to memory of 1608	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	92
PID 624 wrote to memory of 1608	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	92
PID 624 wrote to memory of 1608	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	92
PID 3244 wrote to memory of 1732	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	93
PID 3244 wrote to memory of 1732	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	93
PID 3244 wrote to memory of 1732	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	93
PID 1732 wrote to memory of 2780	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	97
PID 1732 wrote to memory of 2780	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	97
PID 1732 wrote to memory of 2780	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	97
PID 3244 wrote to memory of 412	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	98
PID 3244 wrote to memory of 412	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	98
PID 3244 wrote to memory of 412	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	98
PID 624 wrote to memory of 4668	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	99
PID 624 wrote to memory of 4668	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	99
PID 624 wrote to memory of 4668	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	99
PID 1608 wrote to memory of 3584	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	100
PID 1608 wrote to memory of 3584	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	100
PID 1608 wrote to memory of 3584	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	100
PID 3244 wrote to memory of 5036	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	102
PID 3244 wrote to memory of 5036	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	102
PID 3244 wrote to memory of 5036	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	102
PID 1732 wrote to memory of 4168	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	103
PID 1732 wrote to memory of 4168	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	103
PID 1732 wrote to memory of 4168	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	103
PID 1608 wrote to memory of 4672	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	104
PID 1608 wrote to memory of 4672	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	104
PID 1608 wrote to memory of 4672	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	104
PID 624 wrote to memory of 3792	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	105
PID 624 wrote to memory of 3792	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	105
PID 624 wrote to memory of 3792	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	105
PID 2780 wrote to memory of 4340	2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	106
PID 2780 wrote to memory of 4340	2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	106
PID 2780 wrote to memory of 4340	2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	106
PID 4668 wrote to memory of 3340	4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	107
PID 4668 wrote to memory of 3340	4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	107
PID 4668 wrote to memory of 3340	4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	107
PID 412 wrote to memory of 4216	412	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	108
PID 412 wrote to memory of 4216	412	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	108
PID 412 wrote to memory of 4216	412	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	108
PID 3584 wrote to memory of 2304	3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	109
PID 3584 wrote to memory of 2304	3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	109
PID 3584 wrote to memory of 2304	3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	109
PID 3244 wrote to memory of 3676	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	111
PID 3244 wrote to memory of 3676	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	111
PID 3244 wrote to memory of 3676	3244	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	111
PID 1732 wrote to memory of 3868	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	113
PID 1732 wrote to memory of 3868	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	113
PID 1732 wrote to memory of 3868	1732	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	113
PID 624 wrote to memory of 3768	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	114
PID 624 wrote to memory of 3768	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	114
PID 624 wrote to memory of 3768	624	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	114
PID 1608 wrote to memory of 4996	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	115
PID 1608 wrote to memory of 4996	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	115
PID 1608 wrote to memory of 4996	1608	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	115
PID 4668 wrote to memory of 3608	4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	116
PID 4668 wrote to memory of 3608	4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	116
PID 4668 wrote to memory of 3608	4668	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	116
PID 2780 wrote to memory of 1264	2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	117
PID 2780 wrote to memory of 1264	2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	117
PID 2780 wrote to memory of 1264	2780	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	117
PID 3584 wrote to memory of 3068	3584	7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:624
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        9⤵
        
        PID:19516
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:22868
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:25368
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:23192
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:18996
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18544
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:23816
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18140
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:22936
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:23096
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:25572
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23904
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:23864
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:20724
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25352
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18688
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:24744
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23076
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17392
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:22832
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18712
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:25336
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18932
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:22860
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25532
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:748
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23068
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23824
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25548
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:22696
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18020
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18988
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18680
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:25360
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17532
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17752
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:25500
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:23084
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18056
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23840
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18900
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18924
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23728
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25632
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:22848
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:24328
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25452
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23888
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18440
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:25344
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23736
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:19540
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:22900
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:23036
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18892
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23808
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:184
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18876
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:19500
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:25564
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:22840
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23044
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16592
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:25032
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23896
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:22876
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18744
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:25596
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:13340
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:18456
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:16480
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        8⤵
        
        PID:18940
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:24752
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:19216
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:22920
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:25524
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:17508
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:22888
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18400
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25516
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:22824
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:19508
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:20540
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17780
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25588
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:19556
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25040
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:19004
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:8
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23848
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23052
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16728
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16588
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:19524
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23176
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25472
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18916
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18696
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:24760
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18156
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23752
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:23832
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18704
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:25480
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:25464
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18956
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:22880
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16448
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:23856
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13768
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:13040
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:18352
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:25556
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:412
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        7⤵
        
        PID:19548
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:25540
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18720
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:24728
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:23028
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9280
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14160
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:22928
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:25508
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:23912
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18884
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18964
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:24736
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:24340
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23416
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:22912
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:19948
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:13412
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:17464
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:18160
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        6⤵
        
        PID:19532
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:25580
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:20568
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16580
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:18972
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18232
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:23880
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:19208
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:13372
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:17192
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:23744
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
        5⤵
        
        PID:23060
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:22904
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18736
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18948
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:11208
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:18240
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:23872
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  PID:5576
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:24724
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
      4⤵
      PID:20560
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:13244
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:17176
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:18004
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  PID:7292
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:14960
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:18868
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  PID:9700
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:17996
- - C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
    3⤵
    PID:18164
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  PID:3756
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  PID:17316
- C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\7495737e0bbe2fceb92735ff0c753ed0_NeikiAnalytics.exe"
  2⤵
  PID:17844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese action fucking [bangbus] cock girly .mpg.exe

Filesize
1.7MB

MD5
a0a261260ed90faeab1632ca3ee0a466

SHA1
720608f57941bda1bbd679b58f0749cce4cce7f8

SHA256
d0c4e2577ce2452499806fc156257e571192af11ede41e17b951767d2a8f4f70

SHA512
78f0ce7c7dd0260261bce6afbb1ee1ccde588e493c8720e9035ee74ce9eb9d2605b0a6d6a712da7814e10f4fc6d3f3db40060e6dd966c9cc6aa0168b95448516

Download Submit
C:\debug.txt

Filesize
146B

MD5
ae21d2d6cd6e8795c7978ae85c709b24

SHA1
29e41e227e8bc5099e757b5f662f6a4a4beb3d47

SHA256
47f812c9c93c51292735332d33e7a9291fb301fd0e81e04d4530a7acd95468c3

SHA512
bdd821bc34f77e920bf56fa844476eb882fc230438a4b7f7a187eda381845ef2e75807f95f08a27d3694b10ccd83bf2e129962a82b04e233208c877d126bac78

Download Submit
memory/412-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/412-178-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/624-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/624-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/856-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1264-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1264-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1524-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1608-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1608-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1732-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1732-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2304-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2780-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2780-177-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3068-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3244-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3244-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3340-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3584-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3608-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3608-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3676-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3768-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3792-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3792-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3868-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4168-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4168-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4216-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4216-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4340-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4340-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4668-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4668-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4672-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4672-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4996-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5036-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5036-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5196-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5284-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5284-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5456-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5488-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5488-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5496-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5496-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5504-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5504-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5512-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5512-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5520-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5520-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5528-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5528-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5552-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5560-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5560-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5568-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5568-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6196-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6204-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6204-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6276-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6312-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6336-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6344-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6380-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6396-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6404-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6412-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6420-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6428-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6576-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6736-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6912-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6920-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6928-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6936-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6944-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6952-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6960-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6968-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6976-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6984-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6992-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7068-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7080-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7368-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download