a243f2d890bde6cb21a897ec49632781c28c198eff5fb87817aae8ba297e66d7

Analysis

max time kernel
13s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Size

591KB
MD5

06b659c4fd176e2dcc6a481d3aead46f
SHA1

d54838f2eeaf742e7ebbb08bbed47ee8b5696048
SHA256

a243f2d890bde6cb21a897ec49632781c28c198eff5fb87817aae8ba297e66d7
SHA512

fab37a03036229a895b2fd0d2d95cf786f9670e35a4895ac8e2f2ed14682c669c70544646546258716e33e826dfa337c4dd7693bdcc797de9c47abbbbe27344a
SSDEEP

12288:gEQoShF+ngG7cY6S7AVLYMl3hEAlgs3icItk48ADpHXymUNHZ:gx+gPYh5Ml3plF3otIA9HCTNZ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1008-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x0007000000023433-5.dat	upx
behavioral2/memory/1100-67-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4376-168-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4348-167-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2804-184-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3156-185-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1848-186-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3800-187-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3868-189-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/392-188-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/728-190-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1008-191-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4016-193-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5012-194-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1100-192-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1008-195-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4376-196-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1196-199-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4816-198-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3676-197-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3156-200-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1312-202-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1576-201-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4700-204-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1340-208-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3600-207-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5124-210-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5276-215-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4016-217-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4696-216-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/728-214-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5012-218-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5200-213-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3868-212-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/392-211-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3800-209-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/664-206-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/508-205-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1848-203-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1828-222-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5616-228-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2652-234-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5648-232-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5640-231-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5632-230-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5624-229-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5608-227-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5656-226-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1196-225-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4816-224-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3676-223-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5664-237-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5672-236-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5712-235-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/1312-233-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/6280-243-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/4700-242-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/3600-245-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/664-244-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/6384-254-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5200-255-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/5352-258-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/6640-261-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\P:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\R:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\T:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\J:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\N:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\S:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\U:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\V:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\B:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\H:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\I:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\W:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\X:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\E:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\G:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\L:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\O:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\A:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\K:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\M:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\malaysia animal xxx licking glans .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese blowjob action lesbian nipples bondage (Janette).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\horse lingerie hidden .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish lingerie masturbation swallow .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish beast beastiality sleeping .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\beast girls glans fishy .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black fucking hot (!) .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish beast blowjob several models feet (Janette,Sandy).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian nude voyeur ash hairy (Sonja).zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\nude [free] .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian gang bang blowjob girls glans mature .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian lesbian trambling hot (!) traffic (Melissa,Karin).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\gang bang [bangbus] nipples lady .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\french kicking porn uncut feet .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\animal action hot (!) stockings .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\african trambling several models 50+ .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\german action trambling hot (!) .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\british fetish beastiality catfight wifey .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\chinese lingerie hot (!) .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian fucking beast uncut wifey .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\fetish horse hot (!) glans beautyfull .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\hardcore porn [milf] vagina (Anniston).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\cumshot animal hidden femdom .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian cumshot several models girly .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american hardcore [bangbus] boobs shoes .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british beast fetish several models balls (Kathrin).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish action uncut .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\horse masturbation .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\gay kicking licking (Anniston).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9470.tmp\italian hardcore voyeur upskirt .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gang bang nude [free] penetration (Sonja,Ashley).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish sperm uncut circumcision (Jenna,Sandy).zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\porn animal catfight sm (Gina,Jade).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\sperm [bangbus] .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\asian kicking blowjob big ash .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\nude several models boobs .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\handjob hardcore voyeur titts Ôï (Samantha,Tatjana).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\swedish bukkake hot (!) glans (Gina).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\handjob action voyeur feet .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\danish beastiality big .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\asian cum [free] titts YEâPSè& .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\sperm fetish licking .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\lingerie masturbation ash latex .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake gang bang public girly .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese gay nude public .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\swedish nude porn big bondage .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\italian gang bang [free] sm .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\action action public ash (Christine,Britney).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\bukkake lesbian [bangbus] .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\russian animal [bangbus] ash .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\animal catfight .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\trambling cumshot [bangbus] cock upskirt .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\german lingerie girls .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\fucking several models leather (Gina).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\gay hidden ash (Kathrin).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\trambling [bangbus] .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\danish kicking gay masturbation hole sm .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\lesbian [bangbus] .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\trambling cum masturbation redhair .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\spanish cum sperm several models .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\german lingerie horse public .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\black beastiality lesbian legs .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\asian cum several models 50+ .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\kicking sleeping 50+ .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian horse big bedroom .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\british cum beast [milf] .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\norwegian lesbian lingerie girls (Samantha).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\british trambling full movie vagina .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\russian horse [free] boots .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\spanish gang bang big hole mature .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\hardcore big vagina (Anniston).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian animal horse girls titts femdom .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\sperm lingerie big ìó .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\african horse horse hot (!) cock (Ashley,Jenna).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\indian sperm [milf] feet circumcision .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\canadian horse sperm [milf] titts mistress .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\british lingerie fetish full movie feet balls .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\chinese kicking nude lesbian fishy (Jade,Janette).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\lesbian horse [free] hole ejaculation (Melissa).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\swedish kicking bukkake [bangbus] cock blondie (Ashley,Britney).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\french cumshot sperm catfight high heels .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\horse public young .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\russian xxx voyeur hole .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\malaysia beast sperm licking high heels .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\gay porn hot (!) legs ejaculation (Anniston,Anniston).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\trambling sleeping feet (Gina,Tatjana).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\bukkake beast sleeping (Sylvia,Anniston).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\french action blowjob [free] lady (Jade,Curtney).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\brasilian lesbian big .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\indian kicking hardcore [milf] legs blondie (Kathrin).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\italian lingerie nude [milf] nipples .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\chinese xxx lesbian masturbation Ôï .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\spanish trambling several models .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\japanese lesbian big .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\animal cum catfight .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1576	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1576	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
508	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
508	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3800	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3800	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
392	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
392	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3868	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3868	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4696	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4696	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4016	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
4016	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
5012	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
5012	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1576	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1576	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1828	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1828	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1100	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	89
PID 1008 wrote to memory of 1100	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	89
PID 1008 wrote to memory of 1100	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	89
PID 1008 wrote to memory of 4348	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	93
PID 1008 wrote to memory of 4348	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	93
PID 1008 wrote to memory of 4348	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	93
PID 1100 wrote to memory of 4376	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	92
PID 1100 wrote to memory of 4376	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	92
PID 1100 wrote to memory of 4376	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	92
PID 4348 wrote to memory of 2804	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	96
PID 4348 wrote to memory of 2804	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	96
PID 4348 wrote to memory of 2804	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	96
PID 1008 wrote to memory of 3156	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	97
PID 1008 wrote to memory of 3156	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	97
PID 1008 wrote to memory of 3156	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	97
PID 1100 wrote to memory of 1576	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	98
PID 1100 wrote to memory of 1576	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	98
PID 1100 wrote to memory of 1576	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	98
PID 4376 wrote to memory of 1848	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	99
PID 4376 wrote to memory of 1848	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	99
PID 4376 wrote to memory of 1848	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	99
PID 2804 wrote to memory of 508	2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	101
PID 2804 wrote to memory of 508	2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	101
PID 2804 wrote to memory of 508	2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	101
PID 4348 wrote to memory of 3800	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	102
PID 4348 wrote to memory of 3800	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	102
PID 4348 wrote to memory of 3800	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	102
PID 1100 wrote to memory of 3868	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	103
PID 1100 wrote to memory of 3868	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	103
PID 1100 wrote to memory of 3868	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	103
PID 1008 wrote to memory of 392	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	104
PID 1008 wrote to memory of 392	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	104
PID 1008 wrote to memory of 392	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	104
PID 4376 wrote to memory of 728	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	105
PID 4376 wrote to memory of 728	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	105
PID 4376 wrote to memory of 728	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	105
PID 1848 wrote to memory of 4696	1848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	106
PID 1848 wrote to memory of 4696	1848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	106
PID 1848 wrote to memory of 4696	1848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	106
PID 1576 wrote to memory of 4016	1576	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	107
PID 1576 wrote to memory of 4016	1576	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	107
PID 1576 wrote to memory of 4016	1576	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	107
PID 3156 wrote to memory of 5012	3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	108
PID 3156 wrote to memory of 5012	3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	108
PID 3156 wrote to memory of 5012	3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	108
PID 2804 wrote to memory of 1828	2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	111
PID 2804 wrote to memory of 1828	2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	111
PID 2804 wrote to memory of 1828	2804	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	111
PID 508 wrote to memory of 3676	508	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	112
PID 508 wrote to memory of 3676	508	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	112
PID 508 wrote to memory of 3676	508	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	112
PID 1100 wrote to memory of 4816	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	113
PID 1100 wrote to memory of 4816	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	113
PID 1100 wrote to memory of 4816	1100	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	113
PID 4348 wrote to memory of 1196	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	114
PID 4348 wrote to memory of 1196	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	114
PID 4348 wrote to memory of 1196	4348	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	114
PID 1008 wrote to memory of 1312	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	115
PID 1008 wrote to memory of 1312	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	115
PID 1008 wrote to memory of 1312	1008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	115
PID 4376 wrote to memory of 2652	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	116
PID 4376 wrote to memory of 2652	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	116
PID 4376 wrote to memory of 2652	4376	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	116
PID 3156 wrote to memory of 4700	3156	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1100
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:27884
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:22716
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:19952
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:21552
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:21772
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:28120
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:21860
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22388
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:23260
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:22084
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:24344
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22976
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:22120
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22496
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:25400
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22488
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:19936
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:28124
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22596
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22456
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28052
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21544
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21928
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:21664
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22380
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22732
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28024
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22836
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28640
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:19556
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22844
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:728
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:22240
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:21816
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:28096
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22752
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22324
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28608
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22548
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:23704
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22860
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:23820
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21520
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21832
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:20076
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22700
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18852
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:23972
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22676
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:23208
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22564
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:23920
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21576
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:19540
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19256
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:25092
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:23980
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:19968
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:18660
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22312
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:24244
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22692
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:19912
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22748
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:24980
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22852
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:19576
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22928
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:27916
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22652
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28500
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22724
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18508
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22968
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:23200
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21512
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22260
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:27908
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:27928
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22556
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22920
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19960
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22520
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28620
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28468
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22448
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28148
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22580
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28072
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22804
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22156
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21824
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28288
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22668
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:23204
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22984
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22952
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22828
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28296
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21852
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21996
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22960
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28304
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:23964
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28140
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21592
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22076
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:23216
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22944
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:24952
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22588
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22620
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:27992
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:22764
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4348
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:508
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:19076
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22820
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:28056
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:21584
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:21932
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18836
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21820
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:21876
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:22392
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28032
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21892
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22304
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28460
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22572
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22612
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28040
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22504
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18868
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:24536
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21868
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21948
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18248
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22796
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22936
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:460
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22904
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:27952
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:21568
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13492
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:19060
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:21916
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21560
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22040
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:19956
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21900
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22308
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:24556
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:23816
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21840
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22892
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28576
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22604
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18904
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22372
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19908
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22464
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:19940
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22512
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22912
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28476
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18924
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:24392
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28624
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22472
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28492
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2916
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22628
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:28060
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:17348
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:22780
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:21836
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:22320
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:28584
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28244
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28592
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28012
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22480
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19888
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28004
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17428
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4392
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:19932
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:23852
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21536
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22280
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22708
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19944
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:23000
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22872
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22340
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28484
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:21884
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:24568
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18232
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22636
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:28644
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:904
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:1756
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:19964
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28084
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22148
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:28252
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:21908
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22276
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28048
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22740
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:22660
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:27880
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22788
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:28436
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17180
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22772
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:21528
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:21724
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14280
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:17356
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:1784
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:1312
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:24752
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:23212
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22684
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3372
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:12828
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:17212
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:22332
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:5648
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18020
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:22812
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18816
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:17276
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:22992
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:6920
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14152
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:17316
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:3024
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:9636
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:9468
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:13276
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:28132
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:17460
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:22644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian cumshot several models girly .avi.exe

Filesize
1.8MB

MD5
fee20549b191987df31ebfaf138ac251

SHA1
948cd5a62b11f6f3b10be42690ea026db3fc5b6f

SHA256
6c5c835ce6af0954b893b87c1d57492d43db4a6c7aaab038559a418a48fdab7f

SHA512
35a97a7f98916aaa865c1866c2928aa71810d49bab7fa9d9b2939af8de69d2b742308783eb66495efa99af971c1763a044cefcfe33f05f271259826717dd220c

Download Submit
C:\debug.txt

Filesize
146B

MD5
0e19a2c3f0a8dfffe336cd18000cf0c7

SHA1
6c46a0ce8ef76e113f829cb9f1b6c5b6bf410fe9

SHA256
164fac480c6134c1b7a852d3e44b0b4819f2bb0a166f58b9f83f8a4b02af227b

SHA512
f00d7a321ac60b76ff7e59f9685028eaf9cbe1f78324f2b11d76ebad244914618207470db5f711195840c411406f026022db4e187497106affe18d7c77b5646a

Download Submit
memory/392-188-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/392-211-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/508-205-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/664-244-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/664-206-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/728-214-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/728-190-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1008-191-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1008-195-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1008-283-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1008-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1008-523-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1100-67-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1100-192-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1196-199-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1196-225-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1312-233-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1312-202-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1340-246-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1340-208-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1576-201-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1828-222-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1848-186-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1848-203-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1944-247-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2652-234-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2804-184-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3156-200-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3156-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3600-207-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3600-245-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3676-197-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3676-223-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3800-209-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3800-187-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3868-212-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3868-189-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4016-217-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4016-193-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4348-167-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4376-168-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4376-196-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4696-216-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4700-242-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4700-204-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4816-198-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4816-224-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5012-194-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5012-218-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5124-210-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5124-250-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5200-255-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5200-213-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5276-257-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5276-215-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5352-258-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5360-262-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5552-275-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5564-274-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5576-276-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5584-273-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5592-272-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5600-271-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5608-227-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5608-270-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5616-277-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5616-228-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5624-229-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5624-278-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5632-279-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5632-230-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5640-280-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5640-231-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5648-232-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5648-281-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5656-269-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5656-226-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5664-290-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5664-237-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5672-289-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5672-236-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5712-235-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/5712-288-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6280-243-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6280-291-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6288-292-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6320-248-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6352-249-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6360-251-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6368-252-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6376-253-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6384-254-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6576-256-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6616-259-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6632-260-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6640-261-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6856-264-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6872-263-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/6912-282-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download