25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709

Analysis

max time kernel
16s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Size

1.9MB
MD5

cbbe391ac73900945f0ff6ed6896d540
SHA1

9a192ac953658c71968cb4ba9fbf1c0a66cfe4aa
SHA256

25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709
SHA512

9a5537a07418c7f911867f8a5a0d1da66473bd5b6ad261f5adb69059ecb28e3d85f2e4ee857363845ef0c147b4659f298ae41db434e11785bf6c706c5db7f394
SSDEEP

24576:lhTksWI25HzoqC8a1AA9mft/+4mDwGHJPl4+eSRRMDKbCcMNnGQqWYsbFDLKKpYO:iFa16t/+L8SzMmOcMNnGoMK+gGpPkN

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 18 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/804-0-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/files/0x0007000000023575-5.dat	upx
behavioral2/memory/4576-87-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2892-165-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2564-164-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3752-185-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3920-187-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4796-186-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4708-188-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4608-189-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4820-190-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4828-191-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4012-193-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5024-196-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4576-194-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2564-195-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/804-192-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4528-198-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4588-197-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2428-200-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2892-199-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3752-202-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5036-203-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4796-204-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2416-206-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3920-205-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4800-208-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4708-207-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3080-212-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4820-210-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4608-209-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4304-214-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3904-217-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4828-216-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3112-215-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4976-213-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1920-211-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3736-221-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4420-220-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4012-218-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3428-219-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1972-223-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4588-224-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5132-228-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2428-227-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2576-226-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4528-225-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5024-222-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5184-230-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5036-229-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2416-232-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5248-233-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5288-235-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4800-234-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5324-240-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4304-239-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4976-238-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3080-237-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1920-236-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3112-243-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5452-248-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5468-250-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5524-262-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/5668-266-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\W:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\V:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\H:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\M:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\O:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\J:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\K:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\S:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\T:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\U:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\A:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\B:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\E:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\X:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\P:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\R:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\G:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\I:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File opened (read-only)	\??\N:	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian handjob big latex .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore cum full movie .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black action cumshot uncut hairy (Ashley).zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\fetish full movie hotel .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\french kicking [bangbus] (Britney).mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lesbian fetish lesbian .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx blowjob hidden ash mature (Kathrin).mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie [milf] upskirt (Karin,Melissa).zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fucking beastiality voyeur glans gorgeoushorny (Curtney,Liz).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian lesbian cum catfight feet circumcision .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\gang bang [milf] stockings .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian porn gay masturbation femdom .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\italian gay animal public lady (Sandy).mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african handjob bukkake hot (!) nipples beautyfull (Janette,Gina).mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\xxx fetish voyeur girly .rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\indian bukkake cumshot several models .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african cumshot beastiality [milf] shoes .rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black animal hardcore uncut ash .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lesbian [free] fishy (Sonja).rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian beast [milf] blondie (Janette).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian beastiality kicking [bangbus] (Sandy,Britney).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\porn [bangbus] glans black hairunshaved .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\african hardcore sleeping vagina redhair (Jade).rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese horse lingerie hot (!) feet .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\trambling lingerie girls mistress (Sonja).mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\handjob [milf] .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish kicking lesbian vagina .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{F0237BE9-D6E4-4703-93AC-27360BF5E970}\EDGEMITMP_1D2FD.tmp\lesbian gay lesbian girly .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\norwegian bukkake lesbian .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\norwegian gang bang blowjob lesbian cock 40+ .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german xxx voyeur black hairunshaved .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian cumshot voyeur (Liz).zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\african lesbian [milf] .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\nude hidden mature .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\cum cumshot voyeur bedroom .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\bukkake animal big .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\german lingerie fetish big cock .rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese horse girls penetration .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\spanish trambling catfight (Anniston,Sonja).rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\asian horse beast masturbation black hairunshaved .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian lesbian big (Sonja).mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\security\templates\sperm girls mistress (Ashley).mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\african gang bang public (Ashley).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\british horse sperm [bangbus] .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\black xxx girls legs wifey (Samantha).mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\lingerie uncut 40+ .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\canadian horse lesbian catfight blondie (Britney).rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\african hardcore girls latex .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\beastiality full movie shoes .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\tyrkish cum girls shoes (Jade,Gina).mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\lingerie masturbation ejaculation (Tatjana,Christine).mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\black sperm fucking [milf] YEâPSè& .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\russian gang bang trambling public stockings .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\black gang bang [free] stockings .rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\chinese handjob gang bang uncut 50+ .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\cum masturbation legs .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\sperm kicking several models glans (Karin,Jenna).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\italian sperm girls fishy .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\russian beast lesbian beautyfull .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\italian bukkake kicking masturbation circumcision .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\russian beast fetish public pregnant .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\russian fetish catfight nipples upskirt .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\russian bukkake hot (!) lady .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\bukkake several models bedroom .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\danish lesbian hot (!) hairy .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\british xxx gay girls hairy .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\canadian kicking big latex (Curtney).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\black action cumshot [milf] balls (Tatjana,Ashley).rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\gay horse uncut .rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\malaysia fetish gay public titts .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\german trambling cumshot girls ash .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish big .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\xxx lesbian catfight black hairunshaved (Janette,Sonja).zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\brasilian gang bang cum masturbation beautyfull .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\kicking cumshot full movie hole .rar.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\canadian action full movie legs fishy .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\indian sperm bukkake uncut shower .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\xxx sleeping fishy (Melissa).zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\african action big lady .zip.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish hardcore action masturbation .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\sperm voyeur .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\chinese lingerie [milf] blondie .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish gang bang lesbian lesbian lady .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\british gay girls .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\british kicking public hole circumcision (Tatjana,Britney).mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\tyrkish blowjob big .mpeg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\tyrkish action [free] vagina traffic .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\bukkake cumshot hot (!) titts stockings (Karin,Britney).mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american trambling horse [bangbus] boobs .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\canadian blowjob lesbian .avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\kicking sperm several models mistress (Melissa,Britney).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\fetish full movie nipples lady .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\black beastiality licking .mpg.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\norwegian handjob trambling [free] bedroom (Melissa).avi.exe	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3920	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3920	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4708	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4708	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4608	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4608	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4820	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4820	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4828	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4828	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4012	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4012	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
5024	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
5024	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4588	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4588	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4528	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4528	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3920	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
3920	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2428	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
2428	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4708	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
4708	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
5036	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
5036	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 4576	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	86
PID 804 wrote to memory of 4576	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	86
PID 804 wrote to memory of 4576	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	86
PID 4576 wrote to memory of 2564	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	89
PID 4576 wrote to memory of 2564	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	89
PID 4576 wrote to memory of 2564	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	89
PID 804 wrote to memory of 2892	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	90
PID 804 wrote to memory of 2892	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	90
PID 804 wrote to memory of 2892	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	90
PID 4576 wrote to memory of 3752	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	93
PID 4576 wrote to memory of 3752	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	93
PID 4576 wrote to memory of 3752	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	93
PID 804 wrote to memory of 4796	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	94
PID 804 wrote to memory of 4796	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	94
PID 804 wrote to memory of 4796	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	94
PID 2564 wrote to memory of 3920	2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	95
PID 2564 wrote to memory of 3920	2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	95
PID 2564 wrote to memory of 3920	2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	95
PID 2892 wrote to memory of 4708	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	96
PID 2892 wrote to memory of 4708	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	96
PID 2892 wrote to memory of 4708	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	96
PID 3752 wrote to memory of 4608	3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	98
PID 3752 wrote to memory of 4608	3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	98
PID 3752 wrote to memory of 4608	3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	98
PID 4576 wrote to memory of 4820	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	99
PID 4576 wrote to memory of 4820	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	99
PID 4576 wrote to memory of 4820	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	99
PID 804 wrote to memory of 4828	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	100
PID 804 wrote to memory of 4828	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	100
PID 804 wrote to memory of 4828	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	100
PID 2564 wrote to memory of 4012	2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	101
PID 2564 wrote to memory of 4012	2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	101
PID 2564 wrote to memory of 4012	2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	101
PID 4796 wrote to memory of 5024	4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	102
PID 4796 wrote to memory of 5024	4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	102
PID 4796 wrote to memory of 5024	4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	102
PID 2892 wrote to memory of 4588	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	103
PID 2892 wrote to memory of 4588	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	103
PID 2892 wrote to memory of 4588	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	103
PID 3920 wrote to memory of 4528	3920	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	104
PID 3920 wrote to memory of 4528	3920	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	104
PID 3920 wrote to memory of 4528	3920	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	104
PID 4708 wrote to memory of 2428	4708	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	105
PID 4708 wrote to memory of 2428	4708	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	105
PID 4708 wrote to memory of 2428	4708	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	105
PID 3752 wrote to memory of 5036	3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	107
PID 3752 wrote to memory of 5036	3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	107
PID 3752 wrote to memory of 5036	3752	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	107
PID 804 wrote to memory of 2416	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	108
PID 804 wrote to memory of 2416	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	108
PID 804 wrote to memory of 2416	804	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	108
PID 4576 wrote to memory of 4800	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	109
PID 4576 wrote to memory of 4800	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	109
PID 4576 wrote to memory of 4800	4576	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	109
PID 4796 wrote to memory of 1920	4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	110
PID 4796 wrote to memory of 1920	4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	110
PID 4796 wrote to memory of 1920	4796	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	110
PID 2892 wrote to memory of 3080	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	111
PID 2892 wrote to memory of 3080	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	111
PID 2892 wrote to memory of 3080	2892	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	111
PID 4608 wrote to memory of 4976	4608	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	112
PID 4608 wrote to memory of 4976	4608	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	112
PID 4608 wrote to memory of 4976	4608	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	112
PID 2564 wrote to memory of 4304	2564	25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:804
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4576
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        8⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        8⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14888
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14696
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14800
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:11600
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14976
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14768
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14608
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:9592
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:860
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:14712
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        7⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14640
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14564
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:15072
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14920
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:884
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:9668
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:13376
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:14728
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4796
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14848
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:15056
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14648
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:15256
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:9448
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:12980
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:14680
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
        5⤵
        
        PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:15032
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14936
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14760
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:9764
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:13384
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:14736
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:14784
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:9584
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:13440
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:14704
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  PID:5324
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:15088
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:11468
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:15064
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  PID:5420
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
      4⤵
      PID:15312
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:10124
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:5028
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  PID:6900
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:12576
- - C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
    3⤵
    PID:14928
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  PID:8420
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  PID:12672
- C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\25e9f6ee0c91d709b14b9d9e230aa24199008dfb38163a2aff32bafad3481709_NeikiAnalytics.exe"
  2⤵
  PID:14904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african cumshot beastiality [milf] shoes .rar.exe

Filesize
183KB

MD5
f95c4272b2b9394822dcf5fa3c82effd

SHA1
eda463b33cec9b43a5ae895a8ab72d9907eac42e

SHA256
d2782b72a951caeb3b379374f6f2c95daafc0bff86c40c53ee85e119d7cc9339

SHA512
b73fb51bbee4af36447a7fec77f2d32b59aef155e9953e7626f6d2fefb39b9b9291a61d53a5e5a3b44fa53034640f05db13b43486143b4f3c0bf4bcf35c258ce

Download Submit
memory/804-192-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/804-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1920-211-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1920-236-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1972-223-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1972-259-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2416-206-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2416-232-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2428-200-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2428-227-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2564-164-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2564-195-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2576-226-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2576-271-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2892-199-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2892-165-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3080-212-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3080-237-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3112-243-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3112-215-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3428-255-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3428-219-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3736-221-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3736-257-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3752-202-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3752-185-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3904-217-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3904-244-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3920-205-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3920-187-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4012-193-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4012-218-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4304-214-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4304-239-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4420-220-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4420-256-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4528-225-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4528-198-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4576-87-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4576-194-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4588-224-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4588-197-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4608-209-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4608-189-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4708-207-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4708-188-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4796-186-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4796-204-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4800-208-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4800-234-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4820-210-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4820-190-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4828-216-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4828-191-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4976-238-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4976-213-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5024-196-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5024-222-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5036-229-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5036-203-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5132-273-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5132-228-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5184-230-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5184-278-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5248-280-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5248-233-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5288-283-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5288-235-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5324-240-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5408-245-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5420-246-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5432-258-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5440-247-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5452-248-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5460-249-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5468-250-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5476-251-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5484-252-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5492-253-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5500-254-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5508-260-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5516-261-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5524-262-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5532-263-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5540-264-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5548-265-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5668-266-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6224-272-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6272-274-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6280-279-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6288-281-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6296-275-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6304-276-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6312-277-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6360-284-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/6384-282-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download