4d83c0c7a54363e6acd8b40ca845a5ba2159291ee94be2e1efd201ef7341f69f

Analysis

max time kernel
14s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Size

781KB
MD5

67b369cbbe60950e0fd252f7b0a46a90
SHA1

00d7dad14ce7c3b902e5c5df6930261f1c6a7a77
SHA256

4d83c0c7a54363e6acd8b40ca845a5ba2159291ee94be2e1efd201ef7341f69f
SHA512

ecd94f018af7bd39f34533f01cb4e7924a576606334eb7cfc2d290564e1c46910e2e45cfe05b3b2bac3a3ed5e43cc4209588977fc3c8fd84ce278167f07c12d9
SSDEEP

24576:A8b3NeQ0eto9Cjnc81/c6nFwSzjSiBBx4xc:Am3Nr0etaI5VS6BIc

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 19 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4640-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x0007000000023407-5.dat	upx
behavioral2/memory/3904-13-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1924-154-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3512-155-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5944-172-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5900-175-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3456-185-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4640-184-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1184-187-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3904-186-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4304-189-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1924-188-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3512-190-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4696-192-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5944-191-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3212-194-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4640-193-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5900-195-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5008-197-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4816-196-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5480-200-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1540-198-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5756-199-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3456-201-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4456-203-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3472-202-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1184-204-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3848-207-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6016-209-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4304-205-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5460-208-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1916-206-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4696-210-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3900-211-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3376-213-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5060-214-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1912-217-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5016-216-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1384-215-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5008-218-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1596-220-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3140-219-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1580-224-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5240-223-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2476-222-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4456-225-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5480-221-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3848-229-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1916-228-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1332-226-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/548-227-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2092-232-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5940-231-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6016-230-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5032-234-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1912-236-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/488-239-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5060-235-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3900-233-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3752-240-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1580-242-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5100-241-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5628-246-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\U:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\A:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\H:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\I:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\M:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\O:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\B:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\K:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\L:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\R:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\W:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\G:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\T:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\V:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\E:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\J:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\N:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\P:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File opened (read-only)	\??\X:	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fucking [milf] hole latex (Tatjana).mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm [free] wifey .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish nude gay uncut (Sarah).mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese cum lingerie girls YEâPSè& (Kathrin,Sarah).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beast girls fishy .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay masturbation titts high heels (Jade).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian sleeping .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian hot (!) leather .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish handjob hardcore [free] hole .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\xxx sleeping stockings .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cumshot gay lesbian .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\british hardcore several models .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\russian cum xxx big hole latex .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian uncut cock sweet (Sylvia).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\lesbian voyeur feet (Christine,Sarah).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lingerie licking .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\kicking blowjob [milf] .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie sleeping .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob licking traffic .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish handjob horse hidden titts sm (Samantha).rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish beastiality lesbian [milf] shower .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian kicking trambling sleeping (Jade).avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\american action xxx sleeping cock (Ashley,Tatjana).mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish horse trambling voyeur titts .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\hardcore hot (!) hole .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian kicking gay uncut granny .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\black kicking hardcore big glans .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese cum xxx full movie high heels .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\italian fetish gay licking glans pregnant .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese action blowjob girls titts .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\danish cum horse masturbation latex .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\american horse sperm masturbation .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beast several models (Curtney).mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\action hardcore hidden (Sylvia).avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\bukkake girls .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\animal horse licking .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\british lesbian uncut wifey (Anniston,Sylvia).rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fucking licking .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\fetish lesbian hidden titts .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\chinese sperm licking titts YEâPSè& .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese action beast uncut hole .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\brasilian action xxx full movie feet balls .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\brasilian action trambling lesbian feet mistress (Janette).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish porn lesbian big boots .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\danish kicking sperm uncut glans mistress .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\african bukkake voyeur .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\malaysia bukkake licking feet ejaculation .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish handjob xxx girls young .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese porn xxx hot (!) .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\xxx licking (Jade).mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\russian porn trambling voyeur hole .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\japanese gang bang trambling [bangbus] feet ejaculation .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\beast girls (Janette).rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob [free] .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\fetish trambling sleeping hole .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\german beast big feet .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\american porn xxx several models 50+ (Sonja,Curtney).rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\indian cum gay big swallow .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\italian cumshot sperm public granny .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american handjob xxx licking blondie .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\nude trambling [milf] .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\animal bukkake hot (!) blondie .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian lesbian several models titts .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\cum bukkake masturbation (Sylvia).rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\tyrkish kicking beast hidden bedroom .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\brasilian animal horse public (Tatjana).mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian fetish xxx catfight mature (Christine,Tatjana).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\german xxx several models YEâPSè& .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\blowjob [bangbus] .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\trambling masturbation feet beautyfull .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\lingerie [free] hole blondie .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\spanish xxx lesbian (Janette).mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\lesbian full movie mature (Kathrin,Liz).mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\fucking catfight .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\malaysia beast girls bondage .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm [free] redhair .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese animal lesbian hot (!) feet castration .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\hardcore sleeping feet young .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\handjob horse masturbation latex .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\african sperm licking mistress .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\porn blowjob hidden feet .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\swedish animal xxx public hole .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\action lingerie catfight cock balls .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\british beast lesbian cock .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian beastiality blowjob full movie gorgeoushorny .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian kicking blowjob [bangbus] leather .zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\handjob horse sleeping leather .mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\african blowjob big 50+ (Anniston,Tatjana).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\bukkake hot (!) glans ìó .mpg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian gang bang lingerie catfight cock (Anniston,Melissa).zip.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\black horse hardcore [free] glans circumcision (Karin).mpeg.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\fetish trambling full movie .rar.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\hardcore uncut circumcision .avi.exe	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5900	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5900	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4816	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4816	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1540	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1540	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5756	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5756	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3456	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3456	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3472	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3472	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1184	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
1184	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4304	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4304	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5460	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5460	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4696	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4696	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5900	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
5900	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4816	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
4816	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3376	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
3376	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 3904	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	85
PID 4640 wrote to memory of 3904	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	85
PID 4640 wrote to memory of 3904	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	85
PID 3904 wrote to memory of 1924	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	87
PID 3904 wrote to memory of 1924	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	87
PID 3904 wrote to memory of 1924	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	87
PID 4640 wrote to memory of 3512	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	88
PID 4640 wrote to memory of 3512	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	88
PID 4640 wrote to memory of 3512	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	88
PID 1924 wrote to memory of 5944	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	91
PID 1924 wrote to memory of 5944	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	91
PID 1924 wrote to memory of 5944	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	91
PID 3904 wrote to memory of 3212	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	92
PID 3904 wrote to memory of 3212	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	92
PID 3904 wrote to memory of 3212	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	92
PID 4640 wrote to memory of 5900	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	93
PID 4640 wrote to memory of 5900	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	93
PID 4640 wrote to memory of 5900	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	93
PID 3512 wrote to memory of 4816	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	94
PID 3512 wrote to memory of 4816	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	94
PID 3512 wrote to memory of 4816	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	94
PID 3904 wrote to memory of 1540	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	95
PID 3904 wrote to memory of 1540	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	95
PID 3904 wrote to memory of 1540	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	95
PID 1924 wrote to memory of 5756	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	96
PID 1924 wrote to memory of 5756	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	96
PID 1924 wrote to memory of 5756	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	96
PID 5944 wrote to memory of 3456	5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	97
PID 5944 wrote to memory of 3456	5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	97
PID 5944 wrote to memory of 3456	5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	97
PID 3212 wrote to memory of 3472	3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	98
PID 3212 wrote to memory of 3472	3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	98
PID 3212 wrote to memory of 3472	3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	98
PID 4640 wrote to memory of 1184	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	99
PID 4640 wrote to memory of 1184	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	99
PID 4640 wrote to memory of 1184	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	99
PID 3512 wrote to memory of 4304	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	100
PID 3512 wrote to memory of 4304	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	100
PID 3512 wrote to memory of 4304	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	100
PID 5900 wrote to memory of 5460	5900	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	101
PID 5900 wrote to memory of 5460	5900	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	101
PID 5900 wrote to memory of 5460	5900	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	101
PID 4816 wrote to memory of 4696	4816	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	102
PID 4816 wrote to memory of 4696	4816	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	102
PID 4816 wrote to memory of 4696	4816	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	102
PID 3904 wrote to memory of 3376	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	103
PID 3904 wrote to memory of 3376	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	103
PID 3904 wrote to memory of 3376	3904	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	103
PID 3212 wrote to memory of 1384	3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	106
PID 3212 wrote to memory of 1384	3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	106
PID 3212 wrote to memory of 1384	3212	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	106
PID 1924 wrote to memory of 5016	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	104
PID 1924 wrote to memory of 5016	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	104
PID 1924 wrote to memory of 5016	1924	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	104
PID 5944 wrote to memory of 5008	5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	105
PID 5944 wrote to memory of 5008	5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	105
PID 5944 wrote to memory of 5008	5944	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	105
PID 1540 wrote to memory of 3140	1540	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	107
PID 1540 wrote to memory of 3140	1540	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	107
PID 1540 wrote to memory of 3140	1540	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	107
PID 3512 wrote to memory of 1596	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	108
PID 3512 wrote to memory of 1596	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	108
PID 3512 wrote to memory of 1596	3512	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	108
PID 4640 wrote to memory of 5240	4640	67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe	110

C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3904
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:19768
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:20376
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:21436
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:19816
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:20840
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:20848
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:20880
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8028
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        8⤵
        
        PID:19832
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:21684
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:20404
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:19784
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:19776
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:18776
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6840
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:18548
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:19792
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:21184
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:18540
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8976
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:488
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:21248
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:21176
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7396
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:21040
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7748
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4064
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:19736
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:20864
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:8604
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3512
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:19752
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:19848
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:20856
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:18760
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        7⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:19760
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:18752
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:19728
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:19800
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:21344
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:19824
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:1584
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:20084
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7068
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:18896
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:12516
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8452
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:18632
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:12648
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:2292
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5900
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:19712
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:20232
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:19840
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:3344
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7940
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:19720
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:6684
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:1348
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:20872
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:7948
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        6⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:3480
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:21428
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:1432
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:18884
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:6436
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  PID:5240
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:9772
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:8404
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:13228
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:5616
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:19744
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
      4⤵
      PID:21084
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:11972
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:3088
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  PID:6412
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:12508
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:448
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  PID:8656
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:21676
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  PID:8752
- - C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
    3⤵
    PID:12336
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  PID:12320
- C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\67b369cbbe60950e0fd252f7b0a46a90_NeikiAnalytics.exe"
  2⤵
  PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob licking traffic .mpeg.exe

Filesize
120KB

MD5
2dbc8505443ad6e6b191cb5c59e0c0f7

SHA1
8e5193b9e2be4782700850bd205bea0bfe057847

SHA256
32101c07faa210d82e0f8ac2313c9fc8c093fd46a33f744cdb5cd11178d5a331

SHA512
4759c8205da7346cb598bd78a632a01ad2219d69e40d195fda0c4fe691eb3140541f2c80ce729024fb77f4cc13cf3e9342370ea060f26e050985b803ba704042

Download Submit
memory/488-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/548-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1184-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1184-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1232-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1332-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1384-215-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1540-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1580-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1580-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1596-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1912-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1912-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1916-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1916-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1924-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1924-154-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2092-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2092-252-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2476-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2812-280-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2812-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3140-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3212-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3376-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3456-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3456-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3472-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3512-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3512-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3752-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3848-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3848-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3880-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3880-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3900-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3900-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3904-13-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3904-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4304-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4304-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4372-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4436-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4456-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4456-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4640-330-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4640-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4640-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4640-388-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4640-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4696-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4696-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4812-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4816-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4872-281-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4900-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4912-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4912-276-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4980-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5008-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5008-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5016-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5032-253-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5032-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5060-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5060-214-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5092-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5100-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5100-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5112-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5144-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5208-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5240-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5400-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5448-254-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5460-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5480-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5480-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5488-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5628-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5628-273-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5756-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5888-275-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5888-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5900-175-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5900-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5940-251-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5940-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5944-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5944-172-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6016-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6016-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6260-267-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6276-268-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6412-274-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6528-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6560-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6568-279-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download