29835d3e0e85e3fdfe298dd5694ea2879934ae1c19d44fac43252e3acc62afda

Analysis

max time kernel
13s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Size

582KB
MD5

e07b0569b6ac7009af238b772e224c30
SHA1

43170fb4361557b4c85e310168d13bca28d467a9
SHA256

29835d3e0e85e3fdfe298dd5694ea2879934ae1c19d44fac43252e3acc62afda
SHA512

64a0a356b276b69a31f3217f8a5d8aa166548bd965cd65c06fc07c6e454310453cbe81049eb36d3402d00eddc576b64732c7bc8828691187cf3507a274e7c77c
SSDEEP

12288:bPKL8qALmAUO+I85wWAbnmUqrL5wvLFwLpScF8yG3qpD64pUiWUeHhaK:bSLqm3h5PUmUqrL6vhWpX27eLAUe/

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 17 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/456-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x00070000000233f0-5.dat	upx
behavioral2/memory/4336-13-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2968-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2556-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3864-166-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3704-167-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4968-168-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2680-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2416-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4972-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4704-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1376-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/456-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3636-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4336-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2968-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5064-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4760-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1676-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2556-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1856-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4372-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4424-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4076-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1252-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4024-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3984-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4476-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2920-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2600-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2840-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1000-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/668-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3864-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5376-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5440-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2680-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5488-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2416-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5448-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4968-220-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5432-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3704-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4240-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5668-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5660-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5620-232-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1376-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5600-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5584-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5592-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4704-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4972-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5748-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2920-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1856-254-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4372-253-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4424-252-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4076-251-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1252-250-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4024-249-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3984-248-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4476-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\W:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\X:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\A:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\L:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\O:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\S:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\U:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\V:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\E:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\H:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\I:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\K:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\P:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\R:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\B:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\G:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\J:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\M:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\T:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\fetish full movie (Christine).zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\xxx kicking several models ash wifey .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian fetish gay [free] mature .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french cum fetish girls nipples traffic .rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\asian gang bang licking castration .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian fucking horse uncut high heels .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish animal voyeur vagina sweet .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\animal gay sleeping ash (Jenna).rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian trambling big glans (Sarah).rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\french horse trambling uncut .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fetish gay big mature .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish animal voyeur redhair .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african trambling horse full movie hotel .rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american cum sleeping (Jade,Britney).avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse big shoes (Curtney).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian cum [milf] (Curtney,Sonja).mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian beastiality nude voyeur 50+ (Anniston,Christine).avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish hardcore nude licking (Liz,Sylvia).mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black kicking full movie .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\canadian beast licking titts blondie .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\gay big .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\cum licking shoes .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish fucking big vagina .mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\animal lesbian ash upskirt (Christine).mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\british cum fetish catfight boobs (Curtney,Kathrin).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\cum fucking sleeping vagina stockings .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese xxx lesbian big traffic (Karin,Sandy).mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse [milf] mature .mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\norwegian beastiality horse hot (!) .mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\malaysia fucking fetish full movie titts sm (Britney,Christine).avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\assembly\tmp\chinese kicking fetish [milf] redhair .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\african beast [milf] stockings .rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\asian action lesbian uncut cock latex .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\spanish lesbian trambling big .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\cum gang bang lesbian feet sweet (Kathrin).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\french fetish gang bang big feet penetration (Liz).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\hardcore big stockings (Jade).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\african handjob [milf] Ôï .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\chinese action beast full movie beautyfull (Sarah).mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\french porn gay catfight feet sm (Karin).zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\norwegian porn animal licking cock sm .rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\chinese animal cum public glans .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\norwegian beast action hidden pregnant (Sylvia,Karin).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian cum full movie legs blondie .rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\nude handjob [bangbus] (Sandy,Jade).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\chinese lesbian trambling several models boobs ¤ç (Kathrin).rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian porn full movie boobs penetration .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\fucking big .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\chinese blowjob lingerie [bangbus] vagina ash (Kathrin,Christine).rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\kicking girls .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\nude [bangbus] latex (Karin).zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian hardcore horse public shower (Melissa).rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\cumshot fucking hidden nipples beautyfull .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\tyrkish beast uncut .mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\porn fucking girls fishy (Christine,Sonja).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\kicking fetish full movie gorgeoushorny (Anniston).zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beast catfight high heels .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\handjob uncut hole .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\sperm xxx [milf] hole (Ashley,Liz).rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\bukkake animal full movie hairy .rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\handjob sleeping .mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\indian beastiality animal lesbian cock blondie (Sylvia,Ashley).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\fetish sperm sleeping castration (Sonja).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\spanish cum lesbian sm .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\chinese beast licking cock young .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\cumshot [bangbus] boots (Janette).mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\japanese lesbian kicking lesbian feet .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black bukkake several models (Ashley).mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\cumshot trambling hidden swallow .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\security\templates\fetish bukkake [milf] .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\american trambling hardcore sleeping titts upskirt (Sandy).mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish fetish big .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore xxx full movie hairy .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\chinese lesbian full movie .mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\brasilian handjob trambling catfight .mpeg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\tyrkish cumshot horse public .avi.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\swedish sperm cum lesbian boobs .rar.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\fetish several models .mpg.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\italian fucking lesbian big .zip.exe	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4240	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4240	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2416	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2416	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2680	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2680	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4972	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4972	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
1376	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
1376	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4240	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4240	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3696	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3696	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4928	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4928	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3636	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3636	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
4968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
3704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
5064	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
5064	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 4336	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	85
PID 456 wrote to memory of 4336	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	85
PID 456 wrote to memory of 4336	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	85
PID 456 wrote to memory of 2968	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	88
PID 456 wrote to memory of 2968	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	88
PID 456 wrote to memory of 2968	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	88
PID 4336 wrote to memory of 2556	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	89
PID 4336 wrote to memory of 2556	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	89
PID 4336 wrote to memory of 2556	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	89
PID 456 wrote to memory of 3864	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	93
PID 456 wrote to memory of 3864	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	93
PID 456 wrote to memory of 3864	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	93
PID 4336 wrote to memory of 4240	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	94
PID 4336 wrote to memory of 4240	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	94
PID 4336 wrote to memory of 4240	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	94
PID 2968 wrote to memory of 3704	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	95
PID 2968 wrote to memory of 3704	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	95
PID 2968 wrote to memory of 3704	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	95
PID 2556 wrote to memory of 4968	2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	96
PID 2556 wrote to memory of 4968	2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	96
PID 2556 wrote to memory of 4968	2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	96
PID 456 wrote to memory of 2416	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	98
PID 456 wrote to memory of 2416	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	98
PID 456 wrote to memory of 2416	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	98
PID 3864 wrote to memory of 2680	3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	99
PID 3864 wrote to memory of 2680	3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	99
PID 3864 wrote to memory of 2680	3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	99
PID 2968 wrote to memory of 4704	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	100
PID 2968 wrote to memory of 4704	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	100
PID 2968 wrote to memory of 4704	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	100
PID 4336 wrote to memory of 4972	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	101
PID 4336 wrote to memory of 4972	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	101
PID 4336 wrote to memory of 4972	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	101
PID 4240 wrote to memory of 1376	4240	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	102
PID 4240 wrote to memory of 1376	4240	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	102
PID 4240 wrote to memory of 1376	4240	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	102
PID 2556 wrote to memory of 3696	2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	103
PID 2556 wrote to memory of 3696	2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	103
PID 2556 wrote to memory of 3696	2556	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	103
PID 4968 wrote to memory of 4928	4968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	104
PID 4968 wrote to memory of 4928	4968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	104
PID 4968 wrote to memory of 4928	4968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	104
PID 3704 wrote to memory of 3636	3704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	105
PID 3704 wrote to memory of 3636	3704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	105
PID 3704 wrote to memory of 3636	3704	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	105
PID 456 wrote to memory of 5064	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	108
PID 456 wrote to memory of 5064	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	108
PID 456 wrote to memory of 5064	456	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	108
PID 2416 wrote to memory of 1676	2416	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	109
PID 2416 wrote to memory of 1676	2416	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	109
PID 2416 wrote to memory of 1676	2416	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	109
PID 3864 wrote to memory of 668	3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	110
PID 3864 wrote to memory of 668	3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	110
PID 3864 wrote to memory of 668	3864	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	110
PID 2680 wrote to memory of 1000	2680	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	111
PID 2680 wrote to memory of 1000	2680	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	111
PID 2680 wrote to memory of 1000	2680	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	111
PID 2968 wrote to memory of 4760	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	112
PID 2968 wrote to memory of 4760	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	112
PID 2968 wrote to memory of 4760	2968	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	112
PID 4336 wrote to memory of 2840	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	113
PID 4336 wrote to memory of 2840	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	113
PID 4336 wrote to memory of 2840	4336	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	113
PID 4972 wrote to memory of 2600	4972	e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:456
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4336
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        8⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17180
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:3652
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17040
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:8888
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:12184
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:16948
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        7⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17148
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17008
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:16932
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17156
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17228
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:16892
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:16460
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:12152
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:16956
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3864
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17356
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17300
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17740
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:3228
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8408
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:10380
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:11848
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:17364
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17316
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:17892
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11944
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17276
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:16868
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17864
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:12260
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:16924
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
        5⤵
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17404
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:3904
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:18784
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:10472
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:11816
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:17308
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  PID:5376
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:9928
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:11936
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:17340
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  PID:6344
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:12136
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:3500
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  PID:8004
- - C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
    3⤵
    PID:17708
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  PID:10816
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  PID:11776
- C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\e07b0569b6ac7009af238b772e224c30_NeikiAnalytics.exe"
  2⤵
  PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese xxx lesbian big traffic (Karin,Sandy).mpeg.exe

Filesize
763KB

MD5
b015f1d8b1ac7aea3f7f97d5bcf90fe6

SHA1
6d6a65edbf31ea9d9e1cea60af3d2ea44959060e

SHA256
d788d210759e2590d7ae6988e94cf24f4915180f7c0cd7943392dbe07219526d

SHA512
3a0c4301858533de2c91501a5be159d35f369b08f0f70140cabcb86688be0848c70304be2a552505f50354b6514a51acf1856960673b58f7d01c83611fa5bd50

Download Submit
memory/456-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/456-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/668-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/668-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1000-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1000-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1252-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1252-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1376-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1376-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1676-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1676-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1856-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1856-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2556-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2556-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2600-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2600-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2840-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2840-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2920-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2920-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2968-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2968-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3636-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3636-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3704-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3704-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3864-166-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3864-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3984-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3984-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4024-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4024-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4076-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4076-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4240-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4336-13-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4336-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4372-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4372-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4424-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4424-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4476-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4476-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4704-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4704-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4760-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4760-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4968-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4968-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4972-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4972-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5064-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5064-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5376-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5376-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5432-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5432-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5440-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5440-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5448-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5488-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5488-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5584-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5584-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5592-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5600-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5600-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5620-283-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5620-232-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5660-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5668-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5748-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5832-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5872-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6200-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6212-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6220-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6228-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6248-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6256-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6264-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6272-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6300-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6308-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6344-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6352-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6360-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6388-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6396-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6564-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download