2a560a027c0b608c0ad89935fbf4257c973e639f63dac5fd077e43d88e9d254c

Analysis

max time kernel
13s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Size

1.3MB
MD5

74ad96609d000219906d748c74956750
SHA1

1e8adb16952dd9c03976cdbb835dd4efe074e0df
SHA256

2a560a027c0b608c0ad89935fbf4257c973e639f63dac5fd077e43d88e9d254c
SHA512

76c3e39f90f7936ecbc53bdcd19f07d475facd02a1ae20445518005731f5447f57b63997615951b98e812aaa2aefa11595970617fcef08975aae3d9213433bf2
SSDEEP

24576:0G6TXtmbOdpPhu+K49qDQ3t4EEZAniznX0ft2yX6x46b3GC5e9Nz7pxicV2G:cXtmbwkjjQt4EEZAcoQbte3PpUcV2G

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	74ad96609d000219906d748c74956750_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000023422-5.dat	upx
behavioral2/memory/664-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2600-144-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4356-146-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4512-166-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/624-167-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4476-170-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4816-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3956-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/528-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4732-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/772-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/216-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/948-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4968-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/544-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/664-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/216-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3148-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4512-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/624-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/896-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4476-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3956-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/528-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4732-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4816-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/772-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1916-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4968-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/544-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1876-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3008-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4752-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/948-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4788-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3148-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4940-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1800-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5180-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5316-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5252-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1916-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1676-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5308-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5300-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5220-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3896-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4264-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3156-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/344-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1712-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6184-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5572-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4980-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3592-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4236-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1876-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5140-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6196-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2524-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6456-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6396-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	74ad96609d000219906d748c74956750_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\R:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\X:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\A:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\K:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\I:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\M:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\V:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\B:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\G:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\L:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\S:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\W:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\H:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\J:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\P:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\T:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\U:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\E:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File opened (read-only)	\??\N:	74ad96609d000219906d748c74956750_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese cumshot sperm big penetration (Anniston,Sylvia).zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake several models glans .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian handjob gay [milf] latex (Ashley,Liz).rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese handjob blowjob public .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black handjob gay full movie titts sweet .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay licking boots .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish fetish lesbian several models mistress .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking catfight ash .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish handjob gay lesbian redhair .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast masturbation blondie .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\russian horse lesbian catfight feet .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake hidden titts castration .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\Download\black cum lesbian catfight shoes (Sandy,Janette).mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\black cum xxx lesbian hole .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian cumshot gay [free] glans Œã .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\sperm catfight castration .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african hardcore several models .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian action blowjob big black hairunshaved .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\blowjob masturbation .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\xxx girls titts mature .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish cum bukkake [free] 50+ (Jenna,Samantha).zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese cum hardcore [milf] feet .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian beast [milf] titts balls .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\beast voyeur .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish beastiality hardcore voyeur glans bedroom .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian animal gay lesbian cock hairy .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian handjob sperm catfight (Samantha).mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black gang bang lingerie hidden feet .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\american animal bukkake licking stockings .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese gang bang gay sleeping YEâPSè& .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\brasilian porn hardcore masturbation glans hairy .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish gang bang gay voyeur feet stockings (Sylvia).mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish blowjob hot (!) mistress .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\blowjob several models (Sarah).zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\german gay girls shoes .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\hardcore catfight cock (Jenna,Curtney).mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\african beast lesbian .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\cum sperm girls cock wifey .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\spanish gay lesbian granny .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish gang bang sperm lesbian boots .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian kicking lesbian hot (!) feet sm .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese action sperm [free] .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\horse licking leather .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\chinese horse [free] high heels .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\hardcore public (Jade).rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\brasilian cumshot trambling hidden titts (Sonja,Melissa).mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\beast public titts fishy .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\british beast several models cock high heels (Tatjana).avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\fucking masturbation YEâPSè& .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black horse bukkake hot (!) mature (Christine,Samantha).zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\horse licking glans (Sonja,Curtney).mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\malaysia beast [bangbus] (Tatjana).zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\handjob fucking big glans .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\brasilian kicking fucking lesbian (Tatjana).mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\chinese blowjob hot (!) balls .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\blowjob [milf] bondage .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\kicking bukkake full movie YEâPSè& .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\danish gang bang sperm [bangbus] (Samantha).rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian girls .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\fucking masturbation hole .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese horse xxx uncut 50+ .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\horse licking girly (Sonja,Tatjana).rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\chinese blowjob masturbation bondage (Kathrin,Liz).avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\german gay [bangbus] titts 40+ .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish cum hardcore [milf] beautyfull .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\horse [free] .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\tyrkish nude blowjob [milf] sweet .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\tyrkish fetish xxx [free] granny (Christine,Curtney).mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\asian hardcore several models hairy .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\action beast licking cock gorgeoushorny .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\asian horse [free] titts granny (Jade).rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\british gay licking blondie .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\cum beast catfight (Karin).rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\security\templates\bukkake lesbian .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\italian cumshot sperm public leather .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\lesbian sleeping glans .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\lesbian masturbation (Janette).zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\tyrkish nude fucking masturbation stockings .rar.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\british lesbian voyeur .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\lesbian uncut cock mistress (Liz).mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore voyeur 40+ .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\black nude xxx catfight glans swallow (Melissa).mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cum sperm several models .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\japanese nude lingerie [bangbus] ejaculation .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\british fucking hidden traffic (Sonja,Liz).zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian fetish sperm [milf] cock black hairunshaved .zip.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\trambling catfight titts hotel .mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian gang bang horse masturbation fishy .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\german fucking girls .avi.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\asian beast big hole black hairunshaved .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\hardcore [milf] titts .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\indian gang bang lesbian girls pregnant .mpg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\brasilian fetish xxx [milf] latex (Jenna,Jade).mpeg.exe	74ad96609d000219906d748c74956750_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
624	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
624	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4476	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4476	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4816	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4816	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
3956	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
3956	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4732	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4732	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
528	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
528	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
772	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
772	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4968	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4968	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
948	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
948	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
544	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
544	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
624	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
624	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4476	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4476	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4752	74ad96609d000219906d748c74956750_NeikiAnalytics.exe
4752	74ad96609d000219906d748c74956750_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 664	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	87
PID 216 wrote to memory of 664	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	87
PID 216 wrote to memory of 664	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	87
PID 664 wrote to memory of 2600	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	88
PID 664 wrote to memory of 2600	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	88
PID 664 wrote to memory of 2600	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	88
PID 216 wrote to memory of 4356	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	89
PID 216 wrote to memory of 4356	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	89
PID 216 wrote to memory of 4356	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	89
PID 664 wrote to memory of 4512	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	94
PID 664 wrote to memory of 4512	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	94
PID 664 wrote to memory of 4512	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	94
PID 2600 wrote to memory of 624	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	95
PID 2600 wrote to memory of 624	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	95
PID 2600 wrote to memory of 624	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	95
PID 216 wrote to memory of 896	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	96
PID 216 wrote to memory of 896	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	96
PID 216 wrote to memory of 896	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	96
PID 4356 wrote to memory of 4476	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	97
PID 4356 wrote to memory of 4476	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	97
PID 4356 wrote to memory of 4476	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	97
PID 664 wrote to memory of 4816	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	99
PID 664 wrote to memory of 4816	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	99
PID 664 wrote to memory of 4816	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	99
PID 4512 wrote to memory of 3956	4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	100
PID 4512 wrote to memory of 3956	4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	100
PID 4512 wrote to memory of 3956	4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	100
PID 216 wrote to memory of 4732	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	101
PID 216 wrote to memory of 4732	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	101
PID 216 wrote to memory of 4732	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	101
PID 2600 wrote to memory of 528	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	102
PID 2600 wrote to memory of 528	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	102
PID 2600 wrote to memory of 528	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	102
PID 4356 wrote to memory of 772	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	103
PID 4356 wrote to memory of 772	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	103
PID 4356 wrote to memory of 772	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	103
PID 624 wrote to memory of 948	624	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	104
PID 624 wrote to memory of 948	624	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	104
PID 624 wrote to memory of 948	624	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	104
PID 896 wrote to memory of 4968	896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	105
PID 896 wrote to memory of 4968	896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	105
PID 896 wrote to memory of 4968	896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	105
PID 4476 wrote to memory of 544	4476	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	106
PID 4476 wrote to memory of 544	4476	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	106
PID 4476 wrote to memory of 544	4476	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	106
PID 664 wrote to memory of 3008	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	107
PID 664 wrote to memory of 3008	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	107
PID 664 wrote to memory of 3008	664	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	107
PID 4512 wrote to memory of 4752	4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	108
PID 4512 wrote to memory of 4752	4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	108
PID 4512 wrote to memory of 4752	4512	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	108
PID 2600 wrote to memory of 3148	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	109
PID 2600 wrote to memory of 3148	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	109
PID 2600 wrote to memory of 3148	2600	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	109
PID 216 wrote to memory of 4940	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	110
PID 216 wrote to memory of 4940	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	110
PID 216 wrote to memory of 4940	216	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	110
PID 4356 wrote to memory of 4788	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	111
PID 4356 wrote to memory of 4788	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	111
PID 4356 wrote to memory of 4788	4356	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	111
PID 4816 wrote to memory of 1800	4816	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	112
PID 4816 wrote to memory of 1800	4816	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	112
PID 4816 wrote to memory of 1800	4816	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	112
PID 896 wrote to memory of 3896	896	74ad96609d000219906d748c74956750_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:664
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        9⤵
        
        PID:19908
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        8⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        8⤵
        
        PID:18696
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:21292
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:18688
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:18472
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:21284
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:21244
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:21340
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:21308
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:18440
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:18704
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:660
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:18456
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:21324
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:18448
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:14268
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:21300
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:21396
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:21268
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:14260
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:4268
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:18516
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:2348
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4356
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:21316
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:18976
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        7⤵
        
        PID:21276
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:19144
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:19768
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:18680
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:18652
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:748
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11564
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:21228
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:2728
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:648
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:2608
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:9040
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:9864
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:12068
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:18508
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:896
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        6⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14488
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:18660
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:760
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:19320
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:21332
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:14548
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:18464
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:13652
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:11616
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:18496
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:116
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:14584
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:14220
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
        5⤵
        
        PID:19692
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:7776
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:18488
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:2164
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:11744
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:14708
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  PID:4940
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:21236
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:18996
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:5540
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:14376
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  PID:5292
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
      4⤵
      PID:15932
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:13556
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  PID:6840
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:11212
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:13484
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:16036
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  PID:9124
- - C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
    3⤵
    PID:15664
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  PID:11816
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  PID:13320
- C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\74ad96609d000219906d748c74956750_NeikiAnalytics.exe"
  2⤵
  PID:14568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african hardcore several models .rar.exe

Filesize
1.5MB

MD5
1995ff262d576dd0a710f7714d555c76

SHA1
b29bacdbfd860b814306361e742fe34514d6dc57

SHA256
e6ae2fff864dcbc7570c8b97581a559d63238486a0ba9a84908bb2e80701c4ea

SHA512
37797614b995b58316af46a1c0a6eef56477907bccbc90686ef18c8e7535e5b350077e401cd0ca75e94627f7cf24e9999e26e748f91b45ce5f2fda9983040251

Download Submit
memory/216-294-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/216-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/216-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/216-390-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/216-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/344-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/344-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/528-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/528-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/544-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/544-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/624-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/624-167-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/664-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/664-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/772-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/772-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/896-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/948-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/948-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1676-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1712-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1800-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1916-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1916-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2524-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3008-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3148-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3148-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3156-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3592-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3592-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3896-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3956-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3956-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4236-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4264-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4356-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4476-170-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4476-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4512-166-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4512-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4732-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4732-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4752-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4788-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4816-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4816-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4940-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4968-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4968-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4980-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5180-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5180-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5188-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5208-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5216-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5220-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5220-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5228-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5236-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5244-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5252-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5252-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5260-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5268-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5284-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5292-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5308-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5308-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5316-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5316-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5324-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5488-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5496-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5572-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5572-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6184-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6196-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6384-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6396-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6456-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6520-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6592-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6600-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6628-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6676-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6832-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6840-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6848-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6872-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download