354647b737417689d3b5c2bc37f5a0c4ccfedb6f67ce233ce2be8b5c4276b948

Analysis

max time kernel
14s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 12:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Size

1.5MB
MD5

ddcb7a59349e09c55fb7bba3ea549ec0
SHA1

0e281751b836ba4b210ceb300cfe34aa4f17d38c
SHA256

354647b737417689d3b5c2bc37f5a0c4ccfedb6f67ce233ce2be8b5c4276b948
SHA512

7d9467b7868622fcbb4259c2ed54cd4feed0f2c31f4a981318077cc8b22ad5d14d03cf2cff9b1fd24a643ab7b51542cb3adb0a83f03727467ae2ee932de154c2
SSDEEP

24576:VXqi1IGrup4HiOGEbYX5w3GuUE57V2SkRLTH3OubB8C1H40ABf1q7Zk7FsIYCATD:dqimkuaH3063GrE57V4tCudS0Ef1q7Zn

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1920-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000023434-5.dat	upx
behavioral2/memory/4164-154-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1740-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2296-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3168-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/404-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4508-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1920-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/804-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/232-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2844-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4164-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1740-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3660-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3016-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3608-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/744-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2176-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1920-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3168-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/720-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/668-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/396-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/804-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4796-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4000-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4356-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3660-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2844-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2124-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2244-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/404-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4908-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1512-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1444-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1192-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5184-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5192-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/744-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5132-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3608-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3692-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/668-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5508-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5424-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4000-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2124-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3708-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4908-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6292-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6364-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1512-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1444-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6468-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5416-249-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6504-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5192-247-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5184-246-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6460-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6396-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5132-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6224-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4356-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\italian hardcore handjob licking (Sonja,Samantha).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\trambling big hotel .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\animal hot (!) ash .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\french handjob animal sleeping YEâPSè& .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian gay [free] young (Kathrin).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast sperm public shoes .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\asian handjob several models high heels .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\asian blowjob big boobs sm .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish hardcore sperm [milf] boots (Jade,Christine).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian beastiality hidden nipples fishy .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish blowjob kicking big .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian animal masturbation nipples mature .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\spanish nude lesbian wifey (Jenna,Kathrin).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\cumshot public feet 50+ .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling [bangbus] vagina 50+ (Britney,Samantha).avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\animal action voyeur hole castration .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian horse horse public castration .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\kicking hardcore hot (!) titts black hairunshaved .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\fucking lingerie licking (Sarah).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian fucking hot (!) ash (Curtney,Anniston).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\indian fetish hidden lady .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\indian cum fucking hot (!) traffic .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\action gang bang [milf] .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\xxx hidden .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\nude horse hidden mature (Curtney,Gina).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse masturbation (Sylvia,Ashley).avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\chinese horse masturbation legs balls .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african sperm sleeping young .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\nude sperm voyeur nipples boots .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse cum [bangbus] mistress .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\spanish porn catfight wifey .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\bukkake masturbation glans .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\fetish masturbation 50+ (Jenna).mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\animal trambling girls leather .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\canadian cumshot hidden .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\black cumshot [free] penetration .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\japanese lesbian trambling hot (!) .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\xxx sleeping traffic .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\bukkake beastiality uncut .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\norwegian nude hidden lady .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\canadian hardcore gang bang girls sweet .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\brasilian beastiality lingerie sleeping nipples .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\hardcore horse full movie femdom .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\spanish horse sleeping nipples .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\swedish fetish porn masturbation vagina .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\sperm voyeur balls .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\cumshot hot (!) redhair .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\italian gay horse sleeping castration .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse [milf] (Melissa,Sandy).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian action kicking girls (Sylvia,Ashley).mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\chinese handjob full movie balls (Ashley,Samantha).mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\french beastiality bukkake voyeur stockings .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\malaysia gay big boots .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\animal hardcore licking .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\french nude xxx [milf] penetration .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\norwegian gay voyeur shoes .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fetish catfight feet boots .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\sperm full movie .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\handjob fetish several models .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\swedish bukkake sleeping (Jade,Sylvia).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\chinese handjob fetish voyeur (Jade).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\indian handjob public (Janette).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\british sperm hidden .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\canadian kicking several models sm .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\asian beast public 40+ .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\african lingerie trambling several models girly .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\sperm fucking [free] .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\italian action cumshot licking hole bondage .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\french kicking cum catfight traffic (Sonja).mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\blowjob sleeping ash fishy .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\chinese lingerie hidden (Sonja).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\swedish bukkake porn [bangbus] (Anniston,Sarah).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\japanese horse masturbation hole .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\canadian kicking animal [milf] ash .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\chinese beast uncut vagina sm (Jade,Christine).rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\german horse hot (!) vagina mature (Jenna,Sylvia).avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\gang bang animal uncut 40+ (Gina).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\canadian beast girls hole .mpeg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american bukkake [free] (Janette,Samantha).rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\lingerie hidden vagina ash (Janette,Jenna).rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\italian blowjob fucking [free] boots .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\brasilian beastiality action lesbian mature (Sonja,Kathrin).rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\tyrkish gay kicking several models .zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\gang bang licking .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gang bang kicking lesbian nipples sweet .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian action sleeping mature .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian beast masturbation bedroom (Jade,Ashley).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\african hardcore trambling public hotel .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\lesbian animal girls girly .avi.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish cumshot several models .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\canadian kicking sleeping .rar.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian horse fucking several models circumcision (Sonja,Liz).zip.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\italian sperm gang bang lesbian .mpg.exe	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2176	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2176	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3168	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3168	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
404	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
404	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4508	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4508	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
396	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
396	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
804	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
804	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4796	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4796	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2844	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2844	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3660	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3660	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2176	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
2176	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1192	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
1192	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3168	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3168	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3608	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
3608	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 232	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	89
PID 1920 wrote to memory of 232	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	89
PID 1920 wrote to memory of 232	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	89
PID 1920 wrote to memory of 4164	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	93
PID 1920 wrote to memory of 4164	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	93
PID 1920 wrote to memory of 4164	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	93
PID 232 wrote to memory of 1740	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	94
PID 232 wrote to memory of 1740	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	94
PID 232 wrote to memory of 1740	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	94
PID 1920 wrote to memory of 3016	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	98
PID 1920 wrote to memory of 3016	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	98
PID 1920 wrote to memory of 3016	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	98
PID 232 wrote to memory of 2296	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	99
PID 232 wrote to memory of 2296	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	99
PID 232 wrote to memory of 2296	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	99
PID 4164 wrote to memory of 2176	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	100
PID 4164 wrote to memory of 2176	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	100
PID 4164 wrote to memory of 2176	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	100
PID 1740 wrote to memory of 3168	1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	101
PID 1740 wrote to memory of 3168	1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	101
PID 1740 wrote to memory of 3168	1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	101
PID 1920 wrote to memory of 404	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	104
PID 1920 wrote to memory of 404	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	104
PID 1920 wrote to memory of 404	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	104
PID 232 wrote to memory of 4508	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	105
PID 232 wrote to memory of 4508	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	105
PID 232 wrote to memory of 4508	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	105
PID 4164 wrote to memory of 396	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	106
PID 4164 wrote to memory of 396	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	106
PID 4164 wrote to memory of 396	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	106
PID 3016 wrote to memory of 4796	3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	107
PID 3016 wrote to memory of 4796	3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	107
PID 3016 wrote to memory of 4796	3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	107
PID 2296 wrote to memory of 804	2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	108
PID 2296 wrote to memory of 804	2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	108
PID 2296 wrote to memory of 804	2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	108
PID 1740 wrote to memory of 2844	1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	109
PID 1740 wrote to memory of 2844	1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	109
PID 1740 wrote to memory of 2844	1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	109
PID 2176 wrote to memory of 3660	2176	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	110
PID 2176 wrote to memory of 3660	2176	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	110
PID 2176 wrote to memory of 3660	2176	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	110
PID 3168 wrote to memory of 1192	3168	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	111
PID 3168 wrote to memory of 1192	3168	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	111
PID 3168 wrote to memory of 1192	3168	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	111
PID 1920 wrote to memory of 3608	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	112
PID 1920 wrote to memory of 3608	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	112
PID 1920 wrote to memory of 3608	1920	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	112
PID 232 wrote to memory of 744	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	113
PID 232 wrote to memory of 744	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	113
PID 232 wrote to memory of 744	232	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	113
PID 4164 wrote to memory of 3692	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	114
PID 4164 wrote to memory of 3692	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	114
PID 4164 wrote to memory of 3692	4164	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	114
PID 2296 wrote to memory of 720	2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	115
PID 2296 wrote to memory of 720	2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	115
PID 2296 wrote to memory of 720	2296	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	115
PID 3016 wrote to memory of 2244	3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	116
PID 3016 wrote to memory of 2244	3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	116
PID 3016 wrote to memory of 2244	3016	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	116
PID 404 wrote to memory of 668	404	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	117
PID 404 wrote to memory of 668	404	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	117
PID 404 wrote to memory of 668	404	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	117
PID 1740 wrote to memory of 2124	1740	ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:232
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        8⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        8⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        8⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        8⤵
        
        PID:19176
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:19104
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:19128
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:19056
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17644
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:19040
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16088
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:19268
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12788
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:16144
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:720
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:19112
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17048
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:19048
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17120
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:19144
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:15840
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:15760
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17676
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:12860
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:16160
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4164
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12804
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:15904
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:19160
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:19136
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:15872
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:16128
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17636
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17620
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:6884
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:19064
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:12508
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:15536
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:19080
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        6⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:19120
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:19152
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:6892
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:19184
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:13564
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:12692
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:15824
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12544
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:15768
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
        5⤵
        
        PID:19168
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17016
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:6908
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:15492
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:12796
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:15912
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:16608
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:17732
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:16068
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:12676
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:15856
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  PID:5524
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:19088
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
      4⤵
      PID:13496
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:12768
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:16996
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  PID:6980
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  PID:7588
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:2128
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  PID:9936
- - C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
    3⤵
    PID:14504
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  PID:12820
- C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ddcb7a59349e09c55fb7bba3ea549ec0_NeikiAnalytics.exe"
  2⤵
  PID:15888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian fucking hot (!) ash (Curtney,Anniston).mpeg.exe

Filesize
921KB

MD5
d8c501aaeaad1a130e97b2489eba8e59

SHA1
c6328e80301122386ac42157a5368513da171036

SHA256
f6ca7657082f7b2caed3948e26a8b17449fd4bbf67ae1ba01261d0a81f6f5f6b

SHA512
39b2d40519dba2a6513046d455d5887997f8811e5af09443f45d6113da56286d1fdcce3833178a06acf68db6329f7e5003678ab7ee78956c2bec8057613be8a3

Download Submit
memory/232-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/396-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/404-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/404-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/668-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/668-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/720-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/744-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/744-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/804-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/804-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1192-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1444-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1444-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1512-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1512-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1740-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1740-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1920-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1920-381-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1920-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1920-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1920-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2124-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2124-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2176-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2244-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2296-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3016-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3168-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3168-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3608-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3608-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3660-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3660-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3692-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3708-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4000-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4000-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4164-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4164-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4356-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4356-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4508-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4796-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4908-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4908-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5132-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5132-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5184-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5184-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5192-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5192-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5392-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5400-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5416-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5424-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5424-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5432-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5444-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5452-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5484-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5492-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5500-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5508-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5508-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5516-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5524-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6152-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6152-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6168-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6168-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6176-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6192-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6216-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6224-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6224-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6292-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6292-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6364-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6364-305-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6396-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6460-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6468-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6504-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6604-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6868-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6908-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6916-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7024-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7032-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7076-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7084-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7596-306-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7604-307-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download