e332a022ce1f3735736a2f6ce24753864a5d00e325baaae49e559bcd181a22af

Analysis

max time kernel
15s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Size

1.4MB
MD5

dc3ace631f9e573bbda89093e4a51a80
SHA1

0a33950ee256798f669d85ad6339cf6910468ec7
SHA256

e332a022ce1f3735736a2f6ce24753864a5d00e325baaae49e559bcd181a22af
SHA512

d81219394662fb885b3b74ce33772244e3c414e59b5d327b472b793546d41b09c4d2017bab4a6620ca23730d026dc8cef60bad99508323f0b10f8295e40b08c5
SSDEEP

24576:VHNkfxw+uozuaQRkHH3w7q9z2ZcAoauA5wZoTDmLoObuZdLSYZ/WRC0:Z2C+uk/8K3wcQ/V5GoTi3buj/WRC0

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3240-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0003000000022ab9-5.dat	upx
behavioral2/memory/848-12-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1960-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3688-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2400-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2404-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3240-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4600-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1496-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1204-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3036-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/848-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3248-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1600-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1960-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3460-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3688-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1588-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3240-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2416-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2824-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1872-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2404-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3140-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3572-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3780-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1444-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/892-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3036-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4600-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/740-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3248-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1204-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1588-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5164-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5140-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5224-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5468-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5460-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5444-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5372-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2424-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5404-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5384-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5500-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5492-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5484-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5436-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4056-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3212-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5476-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3140-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3572-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5396-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/740-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2008-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6208-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6184-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1444-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/892-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6240-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6504-252-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6468-251-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\K:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\L:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\S:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\V:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\X:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\M:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\P:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\B:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\N:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\T:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\U:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\W:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\R:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\A:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\E:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\G:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\I:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\J:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File opened (read-only)	\??\O:	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\fetish [free] (Sandy,Gina).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\cum hidden ash pregnant .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish animal cum girls mistress (Sandy).mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish beast bukkake licking lady .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\gang bang [free] ash (Jade).rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\norwegian nude big legs (Sonja,Britney).zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese nude horse full movie ash (Sonja).rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\nude lingerie several models cock .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\black horse lingerie several models upskirt .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\trambling sperm [bangbus] latex (Britney,Ashley).mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish xxx nude masturbation stockings .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian fucking fetish [milf] high heels .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob lesbian big femdom .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\handjob gay lesbian .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\indian lesbian trambling [free] traffic .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fetish sperm public leather (Kathrin).mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese lingerie gay full movie ejaculation .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\african hardcore cum girls black hairunshaved .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\russian lingerie beastiality [milf] lady .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\cumshot full movie ejaculation .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american lingerie horse sleeping granny .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fucking full movie cock (Sonja).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\nude lesbian (Sarah).zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american horse lingerie lesbian boobs .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\beast licking ash leather (Liz,Sylvia).rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black animal nude catfight legs YEâPSè& .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian animal masturbation hole sm .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\asian horse girls balls (Christine).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beastiality gay several models hole circumcision (Samantha,Anniston).zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black beast fetish masturbation cock (Sandy,Samantha).mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\InputMethod\SHARED\chinese horse big feet (Janette,Janette).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\malaysia kicking public lady .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\british horse beastiality girls sweet .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\american cum fetish [bangbus] feet penetration .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\german sperm full movie titts high heels (Sandy).mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\canadian cumshot [free] ash mature .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\beast licking 40+ .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\malaysia bukkake porn [free] girly .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\african action girls balls (Curtney,Jenna).zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\hardcore licking penetration (Sandy).mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\nude [bangbus] vagina pregnant .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\black cum licking mature .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\canadian bukkake blowjob hot (!) boots .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse fetish big girly .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\british kicking xxx public vagina boots .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\horse catfight circumcision (Sandy,Curtney).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\russian handjob catfight nipples .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\xxx lesbian bedroom .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\porn [bangbus] ejaculation .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\bukkake lingerie hidden black hairunshaved .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\gay lingerie girls glans redhair .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\british blowjob lesbian big shower .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\cum full movie cock wifey .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob several models castration .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\spanish lesbian catfight femdom .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\german horse catfight (Jenna).mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese fucking public glans .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\malaysia fucking xxx voyeur mistress (Anniston).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\danish beast hardcore big vagina .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\fucking cum several models swallow .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\african hardcore several models (Melissa).zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\italian xxx hardcore licking upskirt .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\lesbian trambling catfight (Curtney,Sonja).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\italian blowjob xxx public legs femdom .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\nude cum catfight upskirt .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\black sperm animal [bangbus] girly (Tatjana).mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\bukkake cum [free] cock girly .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\beast full movie YEâPSè& .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\brasilian animal masturbation .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\nude fucking licking .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\bukkake nude uncut young .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\indian fetish xxx [milf] glans mature .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore beastiality licking .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\tyrkish handjob sperm hidden hole .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\lingerie voyeur hotel .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\british xxx several models .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\porn beastiality uncut .mpg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\security\templates\black cumshot hardcore hidden ash .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tyrkish animal public hairy .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\malaysia gang bang hot (!) (Gina,Ashley).zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\british xxx several models beautyfull (Sandy,Karin).rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\indian horse beast several models latex .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\kicking horse voyeur lady (Tatjana).rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\canadian beast horse [free] sm .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\spanish hardcore xxx big nipples hairy .mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\spanish bukkake voyeur mistress (Samantha).avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\beastiality [milf] (Liz,Tatjana).zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\british fetish fetish hot (!) shoes (Sarah,Karin).rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\african horse cum voyeur shower (Jenna).mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\swedish action beast uncut legs redhair .rar.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\british handjob horse full movie feet .avi.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\norwegian trambling hot (!) gorgeoushorny .zip.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\action girls (Anniston).mpeg.exe	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2400	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2400	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1872	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1872	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2404	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2404	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3780	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3780	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
4600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
4600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1204	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1204	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3036	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3036	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3460	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3460	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3248	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3248	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1588	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1588	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2400	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2400	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1872	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
1872	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2416	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
2416	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 848	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	86
PID 3240 wrote to memory of 848	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	86
PID 3240 wrote to memory of 848	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	86
PID 848 wrote to memory of 1496	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	90
PID 848 wrote to memory of 1496	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	90
PID 848 wrote to memory of 1496	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	90
PID 3240 wrote to memory of 1960	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	91
PID 3240 wrote to memory of 1960	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	91
PID 3240 wrote to memory of 1960	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	91
PID 848 wrote to memory of 1600	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	95
PID 848 wrote to memory of 1600	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	95
PID 848 wrote to memory of 1600	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	95
PID 1496 wrote to memory of 3688	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	96
PID 1496 wrote to memory of 3688	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	96
PID 1496 wrote to memory of 3688	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	96
PID 3240 wrote to memory of 2400	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	97
PID 3240 wrote to memory of 2400	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	97
PID 3240 wrote to memory of 2400	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	97
PID 1960 wrote to memory of 1872	1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	98
PID 1960 wrote to memory of 1872	1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	98
PID 1960 wrote to memory of 1872	1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	98
PID 848 wrote to memory of 2404	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	100
PID 848 wrote to memory of 2404	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	100
PID 848 wrote to memory of 2404	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	100
PID 1496 wrote to memory of 3780	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	101
PID 1496 wrote to memory of 3780	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	101
PID 1496 wrote to memory of 3780	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	101
PID 3240 wrote to memory of 4600	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	102
PID 3240 wrote to memory of 4600	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	102
PID 3240 wrote to memory of 4600	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	102
PID 1600 wrote to memory of 3036	1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	103
PID 1600 wrote to memory of 3036	1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	103
PID 1600 wrote to memory of 3036	1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	103
PID 1960 wrote to memory of 1204	1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	104
PID 1960 wrote to memory of 1204	1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	104
PID 1960 wrote to memory of 1204	1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	104
PID 3688 wrote to memory of 3460	3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	105
PID 3688 wrote to memory of 3460	3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	105
PID 3688 wrote to memory of 3460	3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	105
PID 2400 wrote to memory of 3248	2400	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	106
PID 2400 wrote to memory of 3248	2400	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	106
PID 2400 wrote to memory of 3248	2400	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	106
PID 1872 wrote to memory of 1588	1872	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	107
PID 1872 wrote to memory of 1588	1872	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	107
PID 1872 wrote to memory of 1588	1872	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	107
PID 848 wrote to memory of 2416	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	108
PID 848 wrote to memory of 2416	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	108
PID 848 wrote to memory of 2416	848	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	108
PID 1496 wrote to memory of 2824	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	109
PID 1496 wrote to memory of 2824	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	109
PID 1496 wrote to memory of 2824	1496	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	109
PID 3240 wrote to memory of 2424	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	110
PID 3240 wrote to memory of 2424	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	110
PID 3240 wrote to memory of 2424	3240	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	110
PID 2404 wrote to memory of 3572	2404	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	111
PID 2404 wrote to memory of 3572	2404	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	111
PID 2404 wrote to memory of 3572	2404	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	111
PID 1600 wrote to memory of 3140	1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	112
PID 1600 wrote to memory of 3140	1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	112
PID 1600 wrote to memory of 3140	1600	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	112
PID 3688 wrote to memory of 3212	3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	113
PID 3688 wrote to memory of 3212	3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	113
PID 3688 wrote to memory of 3212	3688	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	113
PID 1960 wrote to memory of 4056	1960	dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:848
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        8⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        8⤵
        
        PID:18584
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        8⤵
        
        PID:19072
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:19864
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:19628
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:23036
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:21332
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:19692
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:21128
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19776
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18768
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19736
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:20808
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:20712
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19688
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18500
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19084
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:18792
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:20056
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:21556
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:20284
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19712
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19640
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19832
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:18816
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19756
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19496
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19280
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19740
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18628
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:20784
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19064
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19412
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19728
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19744
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:18684
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:10992
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:3516
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:21564
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:18440
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19672
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19320
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:8640
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:2632
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:14972
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:19356
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:19696
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19644
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:19912
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:18596
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:21340
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:21348
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19308
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18612
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:21356
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:18976
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19856
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:16112
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:21324
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:22832
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:18604
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:21548
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:21364
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19668
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19336
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:23404
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:11576
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:14980
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:18824
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:18620
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:18968
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19816
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19648
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:19156
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:22716
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19404
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:18984
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:21580
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:11492
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:16208
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:19704
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        6⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:18960
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:18476
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19008
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
        5⤵
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:20436
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19300
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:10572
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:15548
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:19840
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:19344
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
      4⤵
      PID:18636
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:11060
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:5352
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  PID:5484
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:9464
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:16176
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:19664
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  PID:6780
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:9256
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:16160
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:19764
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  PID:8420
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:15608
- - C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
    3⤵
    PID:20240
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  PID:10552
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  PID:15968
- C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dc3ace631f9e573bbda89093e4a51a80_NeikiAnalytics.exe"
  2⤵
  PID:3768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fetish sperm public leather (Kathrin).mpg.exe

Filesize
187KB

MD5
6c8505736bc4cd65603637f3483f5a29

SHA1
cf124ee669361c317f6b539e72fc28778781bf49

SHA256
6cc111c6aca02e56c0b430e36f5f452d90622ebd2f6ea6679356dec3867f6c4a

SHA512
13b493ee9b17b23216cc54bbc0365ed25d3c2b076a6b0109c0a1daccc914a2d5d4af4e17b48964b1a21e34b24b7972d5d19505618c648ba2a327061c91d20e41

Download Submit
memory/740-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/740-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/848-12-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/848-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/892-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/892-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1204-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1204-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1444-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1444-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1496-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1588-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1588-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1600-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1872-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1960-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1960-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2008-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2400-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2404-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2404-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2416-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2424-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2516-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2824-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3036-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3036-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3140-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3140-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3212-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3240-292-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3240-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3240-499-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3240-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3240-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3248-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3248-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3460-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3572-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3572-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3688-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3688-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3780-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4056-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4600-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4600-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4704-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5164-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5224-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5224-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5372-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5372-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5384-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5396-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5396-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5404-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5404-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5412-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5420-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5428-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5436-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5436-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5444-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5444-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5452-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5476-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5476-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5484-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5484-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5492-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5492-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5500-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5500-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6176-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6184-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6184-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6200-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6208-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6216-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6224-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6240-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6324-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6348-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6400-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6448-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6456-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6468-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6504-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6568-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6732-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6796-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6804-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6820-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download