4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461

Analysis

max time kernel
13s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Size

756KB
MD5

6a20e50e8c3c85f918fc964fd12acea0
SHA1

de54a7ce54602a244a28364c19343a7de4b4df57
SHA256

4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461
SHA512

0d72d6dbf41931c8967180a31b17d2cdc49056f58eb75de19e151dd772b87635961a4af9b3a4d46c9eb5778dabe679b0d4b9b1d922c5d76b8738f3aa5555abe5
SSDEEP

12288:dXCNi9BJ/Xf96WhYWr7HDqdtE1TeErjGO9Z2XyVm/u3L7HQfMYIWyFZesDtkekyh:oWJ/Xf9r9r7jOtEheEFP6yVyub7H5/rr

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\M:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\S:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\X:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\B:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\E:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\W:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\G:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\H:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\O:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\R:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\U:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\A:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\I:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\N:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\P:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\T:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\V:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\J:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File opened (read-only)	\??\K:	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\norwegian nude masturbation .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\canadian lingerie several models cock pregnant (Ashley).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian cumshot horse [bangbus] nipples sm (Sylvia).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\handjob lesbian ash castration .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian trambling blowjob masturbation .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie sleeping mature (Sarah).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\animal public .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\cumshot full movie cock bedroom (Jenna,Sonja).zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\sperm sleeping 50+ .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish handjob horse [free] ejaculation .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american cum hidden .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish hardcore full movie balls .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\danish horse beast masturbation ejaculation (Janette,Samantha).avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beast lesbian .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay several models castration .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese porn catfight traffic (Jade,Sarah).avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian hardcore beast full movie .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\african beastiality sleeping ash .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\lingerie licking YEâPSè& .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american lingerie blowjob girls ash .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\kicking [free] sm .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\sperm blowjob girls gorgeoushorny .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\german beastiality fucking voyeur (Samantha,Sonja).rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse beast hot (!) balls (Sandy,Britney).mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish horse xxx [bangbus] mistress .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\cum public feet sweet .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\horse nude full movie .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\british animal animal catfight boobs .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum licking titts bondage .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german beastiality [free] .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\beast [milf] granny .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\porn lingerie hidden girly .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\norwegian sperm fucking [milf] 40+ .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\nude several models pregnant .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish handjob [free] .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\beast licking hole black hairunshaved .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\italian lingerie nude hot (!) .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\kicking horse public (Britney,Samantha).rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking hot (!) upskirt .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\cumshot handjob lesbian mature .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\swedish horse lesbian hole gorgeoushorny .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\beastiality hardcore full movie (Karin).zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\norwegian nude lingerie full movie boobs femdom .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\horse trambling full movie gorgeoushorny .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\horse girls titts 50+ .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish fetish kicking full movie leather (Karin,Samantha).zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\swedish horse fucking [free] .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\spanish xxx beastiality licking .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\brasilian porn action voyeur fishy (Curtney,Curtney).rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\lingerie action [milf] .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\xxx gang bang public legs .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\horse masturbation traffic (Sonja).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\bukkake [milf] .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\sperm hot (!) black hairunshaved (Sarah).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\animal sperm lesbian legs .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\blowjob [bangbus] swallow .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\african animal [free] vagina redhair .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\tyrkish lesbian nude girls nipples granny (Sonja,Jenna).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\asian horse several models femdom .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\handjob voyeur feet (Gina,Janette).avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\beast hidden .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\sperm catfight .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\indian porn masturbation .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\black beastiality nude public .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\canadian horse [bangbus] young (Sylvia,Ashley).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\norwegian hardcore catfight penetration .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\spanish kicking sleeping boobs .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\horse uncut .rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\spanish nude [free] feet swallow (Gina,Ashley).avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\indian gay kicking catfight leather .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\italian beast xxx masturbation .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\porn sleeping stockings (Christine).avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\horse beast girls (Kathrin).rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\italian gang bang lingerie sleeping high heels .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\russian kicking sleeping boots (Christine).avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\blowjob blowjob girls .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\security\templates\canadian horse nude hidden .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fucking voyeur vagina castration .avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\lesbian horse [free] ash .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\handjob animal public (Sonja).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\animal gang bang sleeping 50+ (Sarah,Sylvia).mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\xxx uncut hairy .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\french bukkake hidden .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\chinese fetish lesbian legs wifey .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\french animal full movie hole wifey .mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm gang bang hidden lady .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian kicking [free] ash .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\indian gang bang uncut shoes (Samantha).rar.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese xxx several models (Britney,Sandy).mpg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\chinese nude sleeping cock 40+ .mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\cumshot cumshot hidden (Sonja,Samantha).mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\fucking big legs shower (Janette,Kathrin).avi.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\horse masturbation castration .zip.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\african fucking sleeping wifey (Tatjana).mpeg.exe	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2872	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2872	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2104	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2104	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2836	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2836	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4076	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4076	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2736	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2736	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
824	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
824	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4056	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4056	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4328	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4328	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2964	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2964	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
592	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
592	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2872	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2872	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2104	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2104	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4192	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
4192	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2836	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2836	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2560	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
2560	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 696	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	81
PID 4868 wrote to memory of 696	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	81
PID 4868 wrote to memory of 696	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	81
PID 696 wrote to memory of 700	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	82
PID 696 wrote to memory of 700	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	82
PID 696 wrote to memory of 700	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	82
PID 4868 wrote to memory of 4784	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	83
PID 4868 wrote to memory of 4784	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	83
PID 4868 wrote to memory of 4784	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	83
PID 696 wrote to memory of 2872	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	84
PID 696 wrote to memory of 2872	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	84
PID 696 wrote to memory of 2872	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	84
PID 700 wrote to memory of 2176	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	85
PID 700 wrote to memory of 2176	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	85
PID 700 wrote to memory of 2176	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	85
PID 4868 wrote to memory of 2104	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	86
PID 4868 wrote to memory of 2104	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	86
PID 4868 wrote to memory of 2104	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	86
PID 4784 wrote to memory of 2836	4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	87
PID 4784 wrote to memory of 2836	4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	87
PID 4784 wrote to memory of 2836	4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	87
PID 696 wrote to memory of 4076	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	88
PID 696 wrote to memory of 4076	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	88
PID 696 wrote to memory of 4076	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	88
PID 700 wrote to memory of 2736	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	89
PID 700 wrote to memory of 2736	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	89
PID 700 wrote to memory of 2736	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	89
PID 4868 wrote to memory of 824	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	90
PID 4868 wrote to memory of 824	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	90
PID 4868 wrote to memory of 824	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	90
PID 2176 wrote to memory of 4056	2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	91
PID 2176 wrote to memory of 4056	2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	91
PID 2176 wrote to memory of 4056	2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	91
PID 4784 wrote to memory of 4328	4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	92
PID 4784 wrote to memory of 4328	4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	92
PID 4784 wrote to memory of 4328	4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	92
PID 2872 wrote to memory of 2964	2872	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	93
PID 2872 wrote to memory of 2964	2872	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	93
PID 2872 wrote to memory of 2964	2872	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	93
PID 2104 wrote to memory of 592	2104	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	94
PID 2104 wrote to memory of 592	2104	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	94
PID 2104 wrote to memory of 592	2104	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	94
PID 2836 wrote to memory of 4192	2836	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	95
PID 2836 wrote to memory of 4192	2836	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	95
PID 2836 wrote to memory of 4192	2836	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	95
PID 700 wrote to memory of 2560	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	96
PID 700 wrote to memory of 2560	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	96
PID 700 wrote to memory of 2560	700	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	96
PID 696 wrote to memory of 2144	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	97
PID 696 wrote to memory of 2144	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	97
PID 696 wrote to memory of 2144	696	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	97
PID 4076 wrote to memory of 1456	4076	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	98
PID 4076 wrote to memory of 1456	4076	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	98
PID 4076 wrote to memory of 1456	4076	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	98
PID 4868 wrote to memory of 4712	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	99
PID 4868 wrote to memory of 4712	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	99
PID 4868 wrote to memory of 4712	4868	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	99
PID 2176 wrote to memory of 2084	2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	100
PID 2176 wrote to memory of 2084	2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	100
PID 2176 wrote to memory of 2084	2176	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	100
PID 2736 wrote to memory of 1444	2736	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	101
PID 2736 wrote to memory of 1444	2736	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	101
PID 2736 wrote to memory of 1444	2736	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	101
PID 4784 wrote to memory of 224	4784	4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe	102

C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:696
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        8⤵
        
        PID:21620
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        8⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        8⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:22088
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:20592
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:21344
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:19280
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:22136
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16440
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:19376
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:19616
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:20888
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:22104
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:22112
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:15636
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:22120
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:19124
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:21048
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:20664
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:19288
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15368
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:19436
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:512
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:20872
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16692
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:21184
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:19368
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:19100
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:20608
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:19856
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16660
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16928
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:21328
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16412
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16396
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:19520
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:17184
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:16316
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4784
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:20216
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:22144
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        7⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:20880
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:21276
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:21236
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:18936
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:20684
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11712
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:15504
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:22320
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:19116
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16352
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:17000
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:20600
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:17888
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11904
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:10284
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:15680
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:22152
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:22128
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        6⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:22096
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16716
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:16916
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16212
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:10568
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16872
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:20116
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16876
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:11740
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:17444
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:19248
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:16740
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
        5⤵
        
        PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:18924
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:20896
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:12680
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:12476
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:19064
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  PID:4712
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:15220
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:17260
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:3320
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
      4⤵
      PID:21932
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:11704
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:16376
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  PID:3380
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:11228
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:15672
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:22300
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  PID:6540
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:11052
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:15304
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:17388
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  PID:8440
- - C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
    3⤵
    PID:12656
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  PID:11680
- C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4ea919512b2ad122e97187231a70af4394f2465c6c06b015a1e0b8c656427461_NeikiAnalytics.exe"
  2⤵
  PID:14920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\british animal animal catfight boobs .rar.exe

Filesize
1.3MB

MD5
7935809fae382fb36282ff31c8d166f6

SHA1
1d45d3bfa9d676b23ea7ed1c075bffaf014524e7

SHA256
fa132111d5ca38017c586b0302288de776a51f86db99a2ff4198c257b18b690c

SHA512
9ee54a4fd99d73e084d9a167a04bccc32f4cabb1b6d8cdc91ccff077635712cd4fadb76c81034c5167eda19d29292e84952a299207f5d1fa00c7340cf2337af2

Download Submit
C:\debug.txt

Filesize
146B

MD5
eba479929ee9fd0f2aee55db9c8a2dcc

SHA1
6bcf6aed48b85cbf34e329737c5fd2d9b13f9a05

SHA256
dd616fecf67ab493cee394ca6726c020e16f54555bf16042d3ef4c42357a4b8f

SHA512
93ceb361c39cc73c05f2edccd818c0607700b9ac9ae3f82e1be4c817380fbb23953f221a2d0dd9084d910203847925bcbb72ce1b5d80e4de45a11c4168fd55e4

Download Submit
memory/224-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/592-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/696-21-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/700-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/752-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/824-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1240-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1852-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2104-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2144-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2176-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2560-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2836-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2872-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3016-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3448-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3916-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4056-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4076-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4192-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4308-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4328-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4776-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4784-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4868-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5004-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5444-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5488-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5496-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5504-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5536-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5544-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5556-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5564-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5700-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5720-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5852-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5880-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5944-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6000-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6108-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6192-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6240-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6328-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6348-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6380-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6408-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6456-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6464-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6472-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6528-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6676-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6688-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7096-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7104-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7120-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7128-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7136-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7152-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7164-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7276-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7396-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7512-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8256-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8264-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8288-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8296-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8304-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8312-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8320-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8328-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8344-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8352-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8368-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8376-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8384-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8392-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8408-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8416-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8424-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8432-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8448-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8456-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8464-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8496-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8528-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8536-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8544-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8552-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8560-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8568-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8576-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8584-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8624-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download