0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3

Analysis

max time kernel
13s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 18:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Size

265KB
MD5

1267f45d59ff5a0c77f0e4b94f6eda40
SHA1

981a9f426bc0c77853c7f0b62664359994d19cd5
SHA256

0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3
SHA512

aa1fe7a1f7af849cc81e733179e1c2e44eb62d17867b3b7875a9fb343390edc695f84a681c30437264495d9cf4ae198030f05ad77e6a87a1ea02f11e3932090e
SSDEEP

6144:dXC4vgmhbIxs3NBRbYrbQAoHdnVu5pwNfj6QmcTt9EUHhpxjeG2:dXCNi9B0bQAmnVjOz4LTHhqG2

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 18 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\X:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\H:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\J:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\M:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\P:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\R:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\L:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\O:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\S:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\V:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\A:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\E:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\I:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\K:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\N:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\B:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\G:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\T:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File opened (read-only)	\??\U:	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish gang bang sperm [free] granny .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian voyeur glans (Kathrin,Melissa).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay catfight feet YEâPSè& (Sarah).rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore girls (Sarah).mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\american kicking beast [free] .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\german fucking [milf] stockings (Sonja,Tatjana).mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black fetish horse masturbation titts .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx girls 50+ (Kathrin,Tatjana).avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian beastiality gay full movie glans femdom .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob hot (!) leather .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay uncut titts .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian beastiality trambling public young .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american action fucking catfight (Karin).rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gay licking fishy .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian porn xxx sleeping .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish action blowjob uncut hotel .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\black fetish lingerie licking gorgeoushorny (Gina,Melissa).rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beast masturbation .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\russian horse gay public hole ejaculation .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish animal lingerie sleeping (Curtney).mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{6BB39B16-79FA-4D8E-BB79-4EFE59F95F66}\EDGEMITMP_509DC.tmp\bukkake public cock .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake big Ôï .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\asian xxx full movie black hairunshaved (Gina,Samantha).avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob full movie .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\brasilian animal blowjob sleeping glans wifey (Karin).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\bukkake public hole girly .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\italian fetish bukkake [free] glans Ôï (Liz).avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black cum fucking licking boots .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\hardcore licking hole .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese horse several models YEâPSè& .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\fucking catfight glans .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\russian gang bang lesbian girls cock mistress (Sylvia).mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\italian handjob horse hot (!) mature .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\action xxx [milf] glans .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\danish cumshot gay hot (!) (Karin).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\trambling [milf] hole .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\xxx masturbation hole .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\british fucking sleeping balls (Jenna,Sarah).rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\fetish horse catfight cock young (Curtney).mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\danish handjob lingerie [milf] (Sylvia).mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese beastiality xxx [free] feet bedroom .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\action trambling public ejaculation .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\lingerie girls titts young (Sylvia).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\trambling masturbation hole gorgeoushorny .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\canadian xxx [free] hole .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\danish handjob xxx [milf] hotel .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\danish horse blowjob [free] .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\german trambling masturbation stockings .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\brasilian gang bang lingerie uncut cock Ôï (Jade).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\black beastiality blowjob masturbation (Curtney).rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\gay masturbation titts .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\horse hardcore several models high heels .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish kicking blowjob hot (!) cock femdom .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\black gang bang trambling public balls .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\sperm public hairy .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\indian nude bukkake lesbian .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\porn hardcore hot (!) cock penetration (Karin).mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\german lingerie [free] upskirt (Ashley,Tatjana).mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\malaysia lingerie big titts high heels .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\nude sperm several models .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\gay full movie blondie .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\french trambling public (Sarah).avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\sperm lesbian (Sarah).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking uncut feet .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\blowjob full movie cock .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\lingerie public .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\porn sperm big glans .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\asian lingerie voyeur hole balls (Liz).mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\action xxx catfight .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\action fucking catfight latex .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish gang bang lesbian [milf] cock (Gina,Curtney).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\african beast masturbation .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\xxx hot (!) titts .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\beast lesbian hole 50+ (Curtney).rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\german xxx sleeping ejaculation .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\malaysia sperm hidden bondage (Kathrin,Tatjana).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\canadian fucking hidden feet swallow .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\bukkake hot (!) redhair .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\beast hot (!) YEâPSè& .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian horse bukkake public \Û .mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\japanese fetish xxx hidden hole blondie (Sarah).mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish horse horse catfight hole leather (Tatjana).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\asian lesbian [bangbus] lady .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\horse licking cock girly (Curtney).mpeg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\african hardcore big 50+ .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\american beastiality blowjob uncut hole young .mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\spanish blowjob lesbian bedroom .rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\xxx hot (!) titts granny (Sylvia).rar.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\horse trambling [milf] feet boots .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\kicking blowjob hidden .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\brasilian gang bang gay full movie .zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\russian porn fucking [free] feet lady .avi.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\danish cumshot lingerie masturbation 50+ (Gina,Tatjana).mpg.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\american kicking xxx masturbation cock (Britney,Curtney).zip.exe	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1780	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1780	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4020	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4020	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4916	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4916	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2512	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2512	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2920	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2920	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2468	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2468	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2884	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2884	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1984	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1984	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4880	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4880	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1572	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1572	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1780	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
1780	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4288	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4288	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4020	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4020	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4916	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
4916	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
3940	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
3940	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1568	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	90
PID 2024 wrote to memory of 1568	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	90
PID 2024 wrote to memory of 1568	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	90
PID 1568 wrote to memory of 4692	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	95
PID 1568 wrote to memory of 4692	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	95
PID 1568 wrote to memory of 4692	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	95
PID 2024 wrote to memory of 2612	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	96
PID 2024 wrote to memory of 2612	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	96
PID 2024 wrote to memory of 2612	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	96
PID 4692 wrote to memory of 3004	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	98
PID 4692 wrote to memory of 3004	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	98
PID 4692 wrote to memory of 3004	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	98
PID 1568 wrote to memory of 1780	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	99
PID 1568 wrote to memory of 1780	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	99
PID 1568 wrote to memory of 1780	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	99
PID 2024 wrote to memory of 4020	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	100
PID 2024 wrote to memory of 4020	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	100
PID 2024 wrote to memory of 4020	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	100
PID 2612 wrote to memory of 4916	2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	101
PID 2612 wrote to memory of 4916	2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	101
PID 2612 wrote to memory of 4916	2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	101
PID 3004 wrote to memory of 2512	3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	103
PID 3004 wrote to memory of 2512	3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	103
PID 3004 wrote to memory of 2512	3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	103
PID 4692 wrote to memory of 2920	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	104
PID 4692 wrote to memory of 2920	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	104
PID 4692 wrote to memory of 2920	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	104
PID 1568 wrote to memory of 2468	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	105
PID 1568 wrote to memory of 2468	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	105
PID 1568 wrote to memory of 2468	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	105
PID 2024 wrote to memory of 2884	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	106
PID 2024 wrote to memory of 2884	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	106
PID 2024 wrote to memory of 2884	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	106
PID 2612 wrote to memory of 1984	2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	107
PID 2612 wrote to memory of 1984	2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	107
PID 2612 wrote to memory of 1984	2612	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	107
PID 1780 wrote to memory of 4880	1780	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	108
PID 1780 wrote to memory of 4880	1780	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	108
PID 1780 wrote to memory of 4880	1780	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	108
PID 4020 wrote to memory of 1572	4020	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	109
PID 4020 wrote to memory of 1572	4020	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	109
PID 4020 wrote to memory of 1572	4020	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	109
PID 4916 wrote to memory of 4288	4916	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	110
PID 4916 wrote to memory of 4288	4916	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	110
PID 4916 wrote to memory of 4288	4916	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	110
PID 4692 wrote to memory of 3940	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	113
PID 4692 wrote to memory of 3940	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	113
PID 3004 wrote to memory of 4460	3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	114
PID 4692 wrote to memory of 3940	4692	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	113
PID 3004 wrote to memory of 4460	3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	114
PID 3004 wrote to memory of 4460	3004	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	114
PID 2512 wrote to memory of 4836	2512	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	115
PID 2512 wrote to memory of 4836	2512	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	115
PID 2512 wrote to memory of 4836	2512	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	115
PID 1568 wrote to memory of 4784	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	116
PID 1568 wrote to memory of 4784	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	116
PID 1568 wrote to memory of 4784	1568	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	116
PID 2920 wrote to memory of 2872	2920	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	117
PID 2920 wrote to memory of 2872	2920	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	117
PID 2920 wrote to memory of 2872	2920	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	117
PID 2468 wrote to memory of 3736	2468	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	120
PID 2468 wrote to memory of 3736	2468	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	120
PID 2468 wrote to memory of 3736	2468	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	120
PID 2024 wrote to memory of 2736	2024	0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15416
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15296
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15288
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:19644
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15456
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15624
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:14100
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:11948
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:15424
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        7⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15464
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:16068
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15048
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:680
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15280
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:14356
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:19328
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:14184
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:11956
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:16076
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4020
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15040
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15480
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:14112
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:12220
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:16028
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
        5⤵
        
        PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15064
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15368
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:632
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:11908
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:16036
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:4040
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:15708
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
      4⤵
      PID:2600
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:11972
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:16084
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  PID:5860
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:14380
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  PID:6524
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:14928
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  PID:8300
- - C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
    3⤵
    PID:15384
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  PID:11852
- C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a946a0410d8f101b1750f0bbb5917868d5c20021197fc7a3c0c3f4c7ef472d3_NeikiAnalytics.exe"
  2⤵
  PID:15472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8
1⤵
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black cum fucking licking boots .zip.exe

Filesize
1.7MB

MD5
caf6deb432a0170b3711f51ce415b9ed

SHA1
e5bde38948ffc05c1574ac1bef245e2f10c85acf

SHA256
cc0e3a0e8fbfcdf539af8f224c91772b8bcaaf88e402321e8a245ad320a9a12f

SHA512
e32c213ce9ac71765704dab858114206a63c07d1c79fb2df96117e46d8d728148c6cae292dc17073ead9a03ecd2f72807b10867f1bb75f319cc75750f232fc68

Download Submit
C:\debug.txt

Filesize
146B

MD5
72316bae7e5938dff3d0029b268e4aa0

SHA1
5d6b8369db3065e7202094dceb12b1088fd48994

SHA256
3a5ae650db825c3d5fd6af47cf4c6f7f77ea2e3f79b717fa57f9af53cbc615bd

SHA512
49d333721fb299e603a9aaf7f0b033681558eda8ed63730c7f3068c9adc0a81e0e66212f52e06e5635319659249ffd0fa84ef877f4e14ad53fb43a184fa9e880

Download Submit