a435b3a43a2518d620d4fcb48081040cf18b28111fe806a34c6db07925089a62

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Size

1.9MB
MD5

5aa38effea41576509cdbdda82ed95f0
SHA1

86bfa7ebcf8b1c9ac1a36e34ca6a133b6ac77b9e
SHA256

a435b3a43a2518d620d4fcb48081040cf18b28111fe806a34c6db07925089a62
SHA512

4828d2e123bb307bc8877a764cdd04cb9fb193d7923f4cbcd5438675b678896a988ff93e486223adfc88a6b0f7a0a9129e5f6e371ee96688baf680c43dd04620
SSDEEP

49152:jwVJrPY2Cs7e/iYk8fWvsPBbgc2g2SVYdj/rQegI2Uhm/K:jwTrPY1SYpb8ga5xz2Ul

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1564-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/files/0x0007000000023432-5.dat	upx
behavioral2/memory/1352-25-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4500-158-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/232-157-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4508-184-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3136-186-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4812-185-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3632-187-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4432-188-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1396-189-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/752-191-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2504-190-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1656-192-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4604-193-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4088-194-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3796-195-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3688-199-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1896-198-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4176-197-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4648-200-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5100-201-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2972-204-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1652-203-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4608-202-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3256-205-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/1336-206-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/3644-208-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/4240-207-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5192-209-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5200-210-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5296-211-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5392-216-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5416-217-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5380-215-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5408-218-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5432-220-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5424-219-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5440-221-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5456-223-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5448-222-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6072-224-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5144-235-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5504-234-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5496-233-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5480-232-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5512-231-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5488-230-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5468-229-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/5464-228-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6108-227-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6100-226-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6092-225-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6408-247-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6452-246-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6444-245-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6432-244-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6332-240-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6400-239-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6392-238-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6384-237-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6344-236-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6592-250-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/6544-249-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\swedish horse xxx several models .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian hardcore [free] (Melissa).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian horse gay [free] mistress .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian animal beast big glans .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american horse xxx full movie hole .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian fetish lingerie uncut (Liz).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx [bangbus] (Samantha).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish horse trambling catfight (Jade).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie licking cock .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\bukkake [bangbus] feet (Sonja,Liz).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm catfight mistress .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian beastiality hardcore masturbation .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish nude bukkake big glans shower (Sarah).avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\bukkake [free] lady .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese action bukkake voyeur shower .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish cum trambling [free] .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish beastiality hardcore hidden .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\xxx masturbation (Jade).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\gay full movie .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian fetish trambling hidden pregnant .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian full movie cock sm .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gay several models .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish kicking bukkake licking YEâPSè& .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\xxx licking glans (Britney,Curtney).avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian [free] high heels (Ashley,Samantha).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish nude xxx lesbian gorgeoushorny .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\hardcore sleeping (Liz).mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish kicking gay sleeping wifey .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\blowjob girls cock bedroom (Curtney).rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese kicking xxx voyeur titts (Sandy,Samantha).avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beast catfight glans upskirt (Sylvia).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\african trambling hot (!) gorgeoushorny .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\animal horse sleeping glans bondage (Samantha).rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\french fucking lesbian mature (Anniston,Karin).rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\american nude trambling [free] titts pregnant (Sarah).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\malaysia lesbian public hole .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\african sperm [bangbus] .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\asian xxx licking hole balls .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\lingerie hot (!) redhair .rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\brasilian animal gay catfight Ôï .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\swedish cum gay several models cock ash (Karin).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\brasilian fetish lesbian big gorgeoushorny .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\sperm masturbation (Liz).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\lesbian girls feet sweet (Curtney).mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\chinese lingerie [milf] .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\canadian lesbian uncut (Janette).rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\russian kicking horse voyeur feet black hairunshaved (Samantha).avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\african xxx hidden (Melissa).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\brasilian beastiality hardcore uncut cock .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\xxx hidden (Sylvia).avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\nude trambling big titts gorgeoushorny .rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\cum xxx catfight traffic (Christine,Jade).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\german trambling uncut gorgeoushorny (Gina,Samantha).rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\japanese gang bang xxx several models stockings .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\spanish bukkake [bangbus] titts gorgeoushorny .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\norwegian beast girls hole .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\tyrkish nude horse masturbation glans .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish beastiality lesbian [free] (Sarah).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian porn fucking licking .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\asian blowjob public (Curtney).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\canadian blowjob [free] (Janette).avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\fucking [bangbus] young .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\danish handjob blowjob public granny .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\indian cum trambling lesbian (Janette).mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian [milf] hole granny .rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\spanish bukkake hidden young .rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\porn lesbian [bangbus] .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\nude gay uncut cock Ôï .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\spanish blowjob licking hole .rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\lesbian [bangbus] titts .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\action lingerie [bangbus] glans .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\animal hardcore [free] blondie (Christine,Liz).mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\danish nude sperm several models sm .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\xxx masturbation feet balls (Jade).mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\japanese gang bang bukkake public bedroom .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\tyrkish cumshot hardcore full movie cock latex .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\norwegian xxx [bangbus] (Liz).avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american animal fucking uncut ¼ë .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\porn beast public high heels (Anniston,Karin).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\malaysia lingerie [milf] titts (Christine,Curtney).rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cum xxx public (Sarah).mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\danish gang bang hardcore licking femdom .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\action xxx [milf] .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\german horse uncut .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\fucking uncut (Janette).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse lesbian redhair .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\beastiality xxx [bangbus] cock young (Tatjana).zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\cumshot sperm lesbian high heels .rar.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\fetish bukkake [milf] .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\beast full movie feet circumcision .avi.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish cum beast big bondage .zip.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\danish porn hardcore girls titts granny .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\malaysia bukkake catfight cock .mpeg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\japanese animal blowjob big hole .mpg.exe	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3136	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3136	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3632	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3632	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4432	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4432	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1396	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1396	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
2504	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
2504	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
752	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
752	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1656	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
1656	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4604	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4604	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4088	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4088	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3796	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3796	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3136	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3632	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3136	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
3632	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 1352	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	87
PID 1564 wrote to memory of 1352	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	87
PID 1564 wrote to memory of 1352	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	87
PID 1352 wrote to memory of 232	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	94
PID 1352 wrote to memory of 232	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	94
PID 1352 wrote to memory of 232	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	94
PID 1564 wrote to memory of 4500	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	95
PID 1564 wrote to memory of 4500	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	95
PID 1564 wrote to memory of 4500	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	95
PID 1352 wrote to memory of 4508	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	100
PID 1352 wrote to memory of 4508	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	100
PID 1352 wrote to memory of 4508	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	100
PID 232 wrote to memory of 4812	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	101
PID 232 wrote to memory of 4812	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	101
PID 232 wrote to memory of 4812	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	101
PID 1564 wrote to memory of 3136	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	102
PID 1564 wrote to memory of 3136	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	102
PID 1564 wrote to memory of 3136	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	102
PID 4500 wrote to memory of 3632	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	103
PID 4500 wrote to memory of 3632	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	103
PID 4500 wrote to memory of 3632	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	103
PID 4508 wrote to memory of 4432	4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	105
PID 4508 wrote to memory of 4432	4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	105
PID 4508 wrote to memory of 4432	4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	105
PID 1352 wrote to memory of 1396	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	106
PID 1352 wrote to memory of 1396	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	106
PID 1352 wrote to memory of 1396	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	106
PID 1564 wrote to memory of 2504	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	108
PID 1564 wrote to memory of 2504	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	108
PID 1564 wrote to memory of 2504	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	108
PID 232 wrote to memory of 752	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	107
PID 232 wrote to memory of 752	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	107
PID 232 wrote to memory of 752	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	107
PID 4500 wrote to memory of 1656	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	109
PID 4500 wrote to memory of 1656	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	109
PID 4500 wrote to memory of 1656	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	109
PID 4812 wrote to memory of 4604	4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	110
PID 4812 wrote to memory of 4604	4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	110
PID 4812 wrote to memory of 4604	4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	110
PID 3136 wrote to memory of 4088	3136	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	111
PID 3136 wrote to memory of 4088	3136	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	111
PID 3136 wrote to memory of 4088	3136	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	111
PID 3632 wrote to memory of 3796	3632	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	112
PID 3632 wrote to memory of 3796	3632	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	112
PID 3632 wrote to memory of 3796	3632	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	112
PID 4508 wrote to memory of 1896	4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	114
PID 4508 wrote to memory of 1896	4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	114
PID 4508 wrote to memory of 1896	4508	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	114
PID 4432 wrote to memory of 4176	4432	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	113
PID 4432 wrote to memory of 4176	4432	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	113
PID 4432 wrote to memory of 4176	4432	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	113
PID 1352 wrote to memory of 3688	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	115
PID 1352 wrote to memory of 3688	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	115
PID 1352 wrote to memory of 3688	1352	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	115
PID 1564 wrote to memory of 4648	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	116
PID 1564 wrote to memory of 4648	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	116
PID 1564 wrote to memory of 4648	1564	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	116
PID 232 wrote to memory of 5100	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	117
PID 232 wrote to memory of 5100	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	117
PID 232 wrote to memory of 5100	232	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	117
PID 4500 wrote to memory of 4608	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	119
PID 4500 wrote to memory of 4608	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	119
PID 4500 wrote to memory of 4608	4500	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	119
PID 4812 wrote to memory of 2132	4812	5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe	120

C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1352
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:232
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:22108
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:18816
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:26188
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:19464
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:22288
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:24488
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:19664
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:27052
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:24388
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:20760
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:28412
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:26228
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:22200
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:22040
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20564
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:26704
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22428
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:19852
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:27068
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:21856
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:24712
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:28440
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22124
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19772
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26980
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:21232
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24820
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22820
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:28488
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19856
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:27060
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18656
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:26204
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:24720
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22092
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:24108
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22272
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18648
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26212
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19796
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26820
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:28448
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:28424
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19312
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20152
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26348
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24904
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:23440
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20224
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:26792
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:18304
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:24692
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19788
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20828
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18844
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26268
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22032
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20420
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19880
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20724
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:28388
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18520
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19780
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26784
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21252
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:25572
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22076
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20732
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:28404
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22448
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22052
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:28432
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20668
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24912
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20652
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22816
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20700
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:28496
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:7380
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:23156
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24952
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19296
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24896
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26340
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21564
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24496
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20548
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11628
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18640
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:26160
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24760
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:3912
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:26356
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:19808
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11004
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:3704
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:26364
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:15528
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:22496
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4500
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:24792
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:22100
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20996
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19624
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26432
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:23128
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:20540
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:27800
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22524
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19860
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:27792
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19020
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26440
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26424
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21196
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:18664
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:26396
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21968
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:24328
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:16752
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24928
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22480
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20216
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:26800
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22164
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21356
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:2228
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:19940
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:26808
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22508
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24728
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:21228
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:26260
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:19660
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:27652
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21200
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24736
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13192
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:19872
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:10572
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22516
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24768
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:21244
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:21816
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:13924
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:19012
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:26416
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20256
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:26196
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:20532
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:27368
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:14928
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:22116
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3136
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:25316
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:24120
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22172
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:22440
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:18512
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20556
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:28508
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22456
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22144
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:23924
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:24616
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:20572
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:27384
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:22084
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24624
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24480
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:22472
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:19816
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:1400
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:19824
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:4772
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11176
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:15512
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:22220
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:20784
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:24504
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:23932
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:24936
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:22464
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:19264
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:6972
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:24920
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:28396
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:7432
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:15432
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:22424
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  PID:4648
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
        5⤵
        
        PID:25508
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:24212
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:24812
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:11124
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:13068
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:18296
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:24700
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  PID:5496
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:15132
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:22024
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  PID:6508
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
      4⤵
      PID:12236
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:22152
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  PID:10088
- - C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
    3⤵
    PID:20768
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  PID:15368
- C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa38effea41576509cdbdda82ed95f0_NeikiAnalytics.exe"
  2⤵
  PID:21512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian fetish trambling hidden pregnant .mpg.exe

Filesize
488KB

MD5
17e42a92f7327e4e1b0f1dbb096203d7

SHA1
f195e912b3e658049d33f642b9089c5f2377f586

SHA256
183fc9d2e6de8a41ea3747798531a3be7c21a3b949d7ba2ab0f5dbb3132a20d4

SHA512
63c29abde3f642aa43d0df9b2ec204d036894044adc5cf01f1cf05cb4d2eccf26573457fd8542606ddc7e64604ff048e01076a253b8d4019d8386da685fc98df

Download Submit
C:\debug.txt

Filesize
146B

MD5
afa4f8404a2f3bbabee8d95f009bf614

SHA1
d557c699c723a34426f0412ba8beeb4f425e84ca

SHA256
34a47d365edc00e786d7b82f11ee45fc882d3a44181b96ca928857ce27ba3773

SHA512
1a713ea0f1830f963362669696441f34ec52552feee28ef74f0295b1e424059214d22253d3f9ce15ac575efb0d0bdbdeed890a3e8689ce529cc2bd180607ba2d

Download Submit
memory/232-157-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/752-191-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1336-206-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1352-25-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1396-189-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1564-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1652-203-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1656-192-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1896-198-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2504-190-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2972-204-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3136-186-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3256-205-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3632-187-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3644-208-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3688-199-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3796-195-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4088-194-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4176-197-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4240-207-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4292-280-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4432-188-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4500-158-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4508-184-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4604-193-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4608-202-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4648-200-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4812-185-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5100-201-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5144-235-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5192-209-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5200-210-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5296-211-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5380-215-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5392-216-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5408-218-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5416-217-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5424-219-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5432-220-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5440-221-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5448-222-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5456-223-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5464-228-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5468-229-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5480-232-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5488-230-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5496-233-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5504-234-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5512-231-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6072-224-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6092-225-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6100-226-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6108-227-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6124-282-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6216-262-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6228-275-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6324-285-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6332-240-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6344-236-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6384-237-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6392-238-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6400-239-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6408-247-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6432-244-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6444-245-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6452-246-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6508-271-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6520-276-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6544-249-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6592-250-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6612-283-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6624-273-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6632-274-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6716-278-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6724-272-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6744-251-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6808-252-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6840-253-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6852-254-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6928-279-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6944-256-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6956-255-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6964-257-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6992-260-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7004-281-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7060-258-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7068-259-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7100-261-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7176-284-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7184-286-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7192-287-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7200-288-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7208-289-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7216-290-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7224-291-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/7356-277-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download