d70ad56b697e834174c47e81d33eba70c463c25e7168c7ff4f29a0854e1c4118

Analysis

max time kernel
16s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Size

581KB
MD5

dfe52095b3afd14ac838740878c2a720
SHA1

3373984950856b0528f7fbfe0c812aeac8fb8d33
SHA256

d70ad56b697e834174c47e81d33eba70c463c25e7168c7ff4f29a0854e1c4118
SHA512

22b90f7817b0cd7d0bab1d5e60cc393ea0199febec073c94a6cd13ea285093e42defe0fc23795be7ab5d6f49b6b2ecea544aacd7d973059d8d1b7202566fe514
SSDEEP

12288:VEQoSfqEwNMdzO9AH2E5M4EsHQIYtoWgRW4VrM:V3ww/r5usHQ/VB

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 25 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3972-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000023416-5.dat	upx
behavioral2/memory/3528-35-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3260-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3648-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1852-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/436-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/760-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2824-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4460-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3972-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3528-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3296-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2912-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2164-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/412-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3972-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3760-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3648-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/436-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1860-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2824-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/760-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4312-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2656-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4460-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3872-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3920-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3588-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2384-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2540-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3704-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2912-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/412-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2136-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5184-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5176-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3760-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2984-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4188-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5192-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5212-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1860-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5228-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3444-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4676-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2436-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5260-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6056-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6092-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6048-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5284-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3872-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5268-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2384-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2540-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4428-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5252-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2244-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3104-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5156-250-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6084-249-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5292-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6076-247-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\W:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\E:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\J:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\L:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\N:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\O:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\G:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\K:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\M:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\S:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\X:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\A:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\B:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\I:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\U:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\H:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\P:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\R:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\T:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File opened (read-only)	\??\V:	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\swedish horse sperm girls shoes (Kathrin,Tatjana).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx several models hole hotel .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian cumshot horse hidden ash .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian cum lingerie catfight hole .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm several models ¼ë .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\american animal horse catfight glans wifey (Janette).mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese cumshot beast licking titts penetration (Samantha).zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish beastiality bukkake sleeping .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish animal bukkake licking cock wifey (Janette).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish trambling [milf] (Tatjana).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beast [milf] Œã .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore sleeping femdom .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian fetish lingerie [free] cock .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\indian animal xxx licking feet .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\russian gang bang hardcore full movie femdom (Britney,Liz).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\black horse sperm licking hole girly .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beast hidden (Karin).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\indian animal bukkake sleeping black hairunshaved .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian horse lingerie big ¼ë (Sandy,Tatjana).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese handjob sperm licking feet balls (Melissa).rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking [bangbus] shoes .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\trambling full movie .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\hardcore big hole .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian beastiality fucking several models granny .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\malaysia lesbian voyeur glans castration (Samantha).mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx several models titts castration (Jade).rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian beastiality beast full movie glans .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\trambling catfight .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish beastiality lingerie [milf] .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\malaysia gay masturbation titts .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian animal lesbian voyeur feet femdom .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gang bang beast full movie leather .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake full movie traffic .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\french fucking lesbian titts .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\blowjob full movie titts .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\brasilian fetish beast [free] glans .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\trambling masturbation .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\spanish blowjob catfight glans .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\indian beastiality hardcore catfight stockings .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\hardcore masturbation feet shower (Sarah).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\fetish beast several models .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\action sperm sleeping fishy .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\german trambling uncut (Jade).zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\american beastiality horse lesbian titts upskirt .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\hardcore [milf] mature .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\gang bang bukkake uncut lady (Kathrin,Jade).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\blowjob catfight cock granny (Liz).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\danish beastiality beast several models glans .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\canadian horse public feet (Ashley,Melissa).mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\canadian sperm licking (Melissa).zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\tyrkish horse beast public cock high heels .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\horse hidden cock stockings .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\indian animal beast hidden beautyfull (Sonja,Karin).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\lesbian voyeur .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\horse [free] .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\tyrkish cum gay hidden stockings .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse lesbian cock .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\fetish hardcore girls .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\british xxx sleeping upskirt .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian porn fucking full movie feet sweet (Tatjana).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\tyrkish animal bukkake masturbation beautyfull .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\norwegian xxx [bangbus] latex (Anniston,Samantha).mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\cum horse hot (!) high heels (Britney,Liz).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\porn blowjob lesbian titts sm (Sylvia).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\kicking fucking [bangbus] lady .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\chinese xxx sleeping cock stockings .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\beastiality lesbian catfight black hairunshaved .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking sleeping feet .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\xxx hidden hole shoes .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\chinese xxx public feet traffic .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\lingerie uncut hole sm .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\italian beastiality fucking big .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\asian sperm big glans girly (Samantha).zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\horse lesbian catfight titts balls (Karin).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\norwegian lesbian hidden balls .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\norwegian xxx uncut hole .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish handjob lingerie licking ash .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\bukkake big granny .mpeg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\gay full movie mature (Sandy,Tatjana).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\canadian blowjob several models (Curtney).rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\indian nude fucking licking feet (Kathrin,Sarah).zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\tyrkish cumshot horse hidden cock .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\norwegian trambling [milf] titts castration .rar.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\xxx uncut hole latex .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\sperm lesbian glans circumcision (Melissa).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\bukkake voyeur (Janette).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\danish horse bukkake public feet latex .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\british trambling hidden femdom .mpg.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\tyrkish kicking trambling uncut bedroom (Jenna,Melissa).avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\danish porn gay uncut black hairunshaved .avi.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\fetish lingerie public titts .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\british fucking big high heels .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\british hardcore hidden feet .zip.exe	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3648	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3648	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
436	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
436	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2824	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2824	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
760	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
760	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
4312	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
4312	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2656	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2656	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
4460	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
4460	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3704	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3704	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3588	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3588	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2912	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
2912	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3648	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
3648	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
436	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
436	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
412	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
412	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 3528	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	85
PID 3972 wrote to memory of 3528	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	85
PID 3972 wrote to memory of 3528	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	85
PID 3528 wrote to memory of 3296	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	88
PID 3528 wrote to memory of 3296	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	88
PID 3528 wrote to memory of 3296	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	88
PID 3972 wrote to memory of 2164	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	89
PID 3972 wrote to memory of 2164	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	89
PID 3972 wrote to memory of 2164	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	89
PID 3528 wrote to memory of 3260	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	92
PID 3528 wrote to memory of 3260	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	92
PID 3528 wrote to memory of 3260	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	92
PID 3296 wrote to memory of 1852	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	93
PID 3296 wrote to memory of 1852	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	93
PID 3296 wrote to memory of 1852	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	93
PID 3972 wrote to memory of 3648	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	94
PID 3972 wrote to memory of 3648	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	94
PID 3972 wrote to memory of 3648	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	94
PID 2164 wrote to memory of 436	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	95
PID 2164 wrote to memory of 436	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	95
PID 2164 wrote to memory of 436	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	95
PID 3296 wrote to memory of 2824	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	97
PID 3296 wrote to memory of 2824	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	97
PID 3296 wrote to memory of 2824	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	97
PID 3972 wrote to memory of 760	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	98
PID 3972 wrote to memory of 760	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	98
PID 3972 wrote to memory of 760	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	98
PID 3528 wrote to memory of 4312	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	99
PID 3528 wrote to memory of 4312	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	99
PID 3528 wrote to memory of 4312	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	99
PID 3260 wrote to memory of 2656	3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	100
PID 3260 wrote to memory of 2656	3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	100
PID 3260 wrote to memory of 2656	3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	100
PID 2164 wrote to memory of 4460	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	101
PID 2164 wrote to memory of 4460	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	101
PID 2164 wrote to memory of 4460	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	101
PID 1852 wrote to memory of 3704	1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	102
PID 1852 wrote to memory of 3704	1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	102
PID 1852 wrote to memory of 3704	1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	102
PID 3648 wrote to memory of 3588	3648	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	103
PID 3648 wrote to memory of 3588	3648	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	103
PID 3648 wrote to memory of 3588	3648	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	103
PID 436 wrote to memory of 2912	436	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	104
PID 436 wrote to memory of 2912	436	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	104
PID 436 wrote to memory of 2912	436	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	104
PID 3296 wrote to memory of 2136	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	105
PID 3972 wrote to memory of 412	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	106
PID 3296 wrote to memory of 2136	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	105
PID 3296 wrote to memory of 2136	3296	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	105
PID 3972 wrote to memory of 412	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	106
PID 3972 wrote to memory of 412	3972	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	106
PID 3528 wrote to memory of 3760	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	107
PID 3528 wrote to memory of 3760	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	107
PID 3528 wrote to memory of 3760	3528	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	107
PID 3260 wrote to memory of 2984	3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	108
PID 3260 wrote to memory of 2984	3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	108
PID 3260 wrote to memory of 2984	3260	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	108
PID 2164 wrote to memory of 4188	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	109
PID 2164 wrote to memory of 4188	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	109
PID 2164 wrote to memory of 4188	2164	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	109
PID 1852 wrote to memory of 1860	1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	111
PID 1852 wrote to memory of 1860	1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	111
PID 1852 wrote to memory of 1860	1852	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	111
PID 2824 wrote to memory of 2436	2824	dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3528
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        Checks computer location settings
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        8⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        8⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:744
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:15644
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:15948
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:16232
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6344
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:16160
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:8736
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:11000
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:16288
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        7⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:15964
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:3708
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:4408
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:9780
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:10848
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:4820
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3648
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:16216
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:884
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:16040
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:10936
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:5128
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:10000
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:10724
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6000
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:16224
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
      4⤵
      PID:3216
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:8620
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:11096
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:6028
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  PID:5292
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:11200
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:16256
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  PID:6772
- - C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
    3⤵
    PID:2604
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  PID:8680
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  PID:11056
- C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe52095b3afd14ac838740878c2a720_NeikiAnalytics.exe"
  2⤵
  PID:5612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx several models titts castration (Jade).rar.exe

Filesize
965KB

MD5
0d5b24e517cb04b35ff8d3cf34cb564d

SHA1
06219fe82f458bd98c192b8d20da036c6f2141aa

SHA256
18d317539ed29c4a9d30952b18dce0ec988802818525fb409c98892f36cfd764

SHA512
f043d52123942642407355919d79aa22aa1b07fe83680bce8cf0156140da8e5bfc8d1ef2016bdc1b93aab49145bd564f27ddac60e5b190ef64d33606469a764e

Download Submit
memory/412-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/412-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/436-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/436-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/760-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/760-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1852-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1860-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1860-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2136-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2164-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2244-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2384-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2384-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2436-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2540-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2540-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2656-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2824-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2824-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2912-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2912-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2984-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3104-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3260-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3296-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3444-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3528-35-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3528-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3588-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3648-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3648-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3704-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3760-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3760-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3872-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3872-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3920-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3972-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3972-298-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3972-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3972-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3972-426-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4188-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4312-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4428-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4460-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4460-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4676-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5156-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5168-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5176-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5176-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5184-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5184-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5192-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5192-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5200-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5212-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5212-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5228-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5228-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5236-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5244-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5252-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5252-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5260-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5260-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5268-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5284-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5292-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5520-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6044-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6048-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6048-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6056-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6056-288-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6076-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6084-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6092-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6092-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6120-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6276-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6312-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6356-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6536-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6544-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6596-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6748-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6756-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6772-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6780-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6788-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6796-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6804-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download