3004c83eb56cba0ec7cb99fbb794fde69624b65fc13a6ba3d5754428f40367c0

Analysis

max time kernel
15s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Size

575KB
MD5

2482a144320b637120402687cf75dbd0
SHA1

2d751c2715f53cd76ee02031b348adf20844cfbd
SHA256

3004c83eb56cba0ec7cb99fbb794fde69624b65fc13a6ba3d5754428f40367c0
SHA512

91a25b8796e67864c18ccd6396989da06bf70e23da13327f91b0f8d2b145bd05594b1a8d310d2ca5d81a942394276b45587f5a0920b959c2dc6ac543ba88e29c
SSDEEP

12288:oGHasii9Bq07RDgd1qIQIcTFCPNM0UzBqj1FyAbnOec4KqRfvs1O:86JFD81bQIcT4M/UnzyL4rVs1O

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\swedish animal lesbian catfight titts penetration .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\british lingerie lesbian .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian horse beast masturbation leather .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish action sperm uncut (Karin).zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish nude bukkake several models blondie .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob masturbation cock (Christine,Melissa).mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\blowjob [bangbus] (Sylvia).mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay hidden (Curtney).avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian masturbation beautyfull .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish cum fucking licking glans sweet .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish animal xxx uncut (Sarah).zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling lesbian hotel .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\porn bukkake licking circumcision .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gay licking mature (Sandy,Karin).mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish trambling uncut .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\indian action xxx public blondie (Ashley,Sylvia).mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\tyrkish cumshot gay [free] swallow .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lesbian [free] blondie .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake hidden cock .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\hardcore big feet YEâPSè& .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\japanese kicking blowjob several models .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\danish action bukkake public glans balls (Samantha).zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse [milf] cock lady .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese porn horse several models hairy .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\bukkake big fishy .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\swedish kicking gay several models feet .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\sperm several models cock (Sonja,Liz).mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob several models high heels (Anniston,Tatjana).mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese kicking blowjob girls young .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black cum blowjob girls ash .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american animal sperm big glans .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\asian hardcore several models .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cum fucking catfight girly (Anniston,Melissa).zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\chinese lingerie masturbation mistress .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\japanese fetish fucking uncut feet ash (Janette).avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\brasilian animal fucking uncut feet gorgeoushorny .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\malaysia gay public feet sweet .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish action horse [bangbus] titts .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\tyrkish beastiality lingerie hot (!) .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\kicking sperm public hole swallow .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\spanish hardcore full movie cock mistress .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\fucking big .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian handjob lesbian [free] hole 50+ .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\canadian bukkake [free] pregnant .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\fucking catfight titts young .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black beastiality bukkake hidden (Tatjana).rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish nude blowjob lesbian cock fishy .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\russian cum hardcore masturbation black hairunshaved .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\gay full movie glans gorgeoushorny (Liz).mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\hardcore masturbation latex .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\german sperm uncut 50+ .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\norwegian blowjob big hole .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\trambling hot (!) beautyfull .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake catfight glans upskirt (Sarah).rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian handjob fucking uncut (Jade).mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian lingerie hot (!) cock .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gay uncut .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\porn bukkake uncut shower .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\swedish gang bang horse girls feet granny .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\danish cumshot gay full movie .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\sperm voyeur .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\kicking trambling several models cock .mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\fucking sleeping feet balls .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\porn beast several models titts Ôï .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish animal sperm masturbation .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\indian action horse several models titts boots (Sylvia).zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian handjob horse hot (!) cock YEâPSè& .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\japanese cumshot beast girls leather .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\action lingerie public bedroom .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african beast uncut (Karin).mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\trambling public cock granny .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\fucking [bangbus] feet stockings .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\asian gay [milf] .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\russian handjob bukkake masturbation (Liz).zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\french gay licking high heels .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\sperm voyeur ejaculation (Anniston,Tatjana).zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\russian fetish lesbian hidden feet redhair .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\swedish fetish trambling full movie glans young .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\tyrkish animal horse licking cock swallow (Liz).avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\trambling girls hole .rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\spanish hardcore hot (!) lady .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\nude sperm masturbation hole castration (Sarah).avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\french hardcore uncut glans beautyfull (Sarah).mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\italian kicking sperm girls shower .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\indian fetish trambling licking feet .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\handjob bukkake public hole mature .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\norwegian gay catfight Ôï (Kathrin,Liz).mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\spanish xxx [bangbus] (Janette).avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\action fucking uncut swallow (Sandy,Melissa).mpg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\russian cum lesbian masturbation leather .avi.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\danish gang bang horse uncut young .mpeg.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore full movie (Jade).rar.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\japanese porn bukkake full movie wifey .zip.exe	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1524	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1524	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3156	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3156	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4060	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4060	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2940	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2940	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4376	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4376	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4488	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4488	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3704	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
3704	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4140	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
4140	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
396	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
396	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1524	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
1524	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2068	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
2068	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 3968	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	86
PID 3392 wrote to memory of 3968	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	86
PID 3392 wrote to memory of 3968	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	86
PID 3392 wrote to memory of 1696	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	89
PID 3392 wrote to memory of 1696	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	89
PID 3392 wrote to memory of 1696	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	89
PID 3968 wrote to memory of 4660	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	90
PID 3968 wrote to memory of 4660	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	90
PID 3968 wrote to memory of 4660	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	90
PID 3968 wrote to memory of 2792	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	91
PID 3968 wrote to memory of 2792	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	91
PID 3968 wrote to memory of 2792	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	91
PID 1696 wrote to memory of 1952	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	92
PID 1696 wrote to memory of 1952	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	92
PID 1696 wrote to memory of 1952	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	92
PID 3392 wrote to memory of 764	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	93
PID 3392 wrote to memory of 764	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	93
PID 3392 wrote to memory of 764	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	93
PID 4660 wrote to memory of 1524	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	94
PID 4660 wrote to memory of 1524	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	94
PID 4660 wrote to memory of 1524	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	94
PID 3968 wrote to memory of 3156	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	95
PID 3968 wrote to memory of 3156	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	95
PID 3968 wrote to memory of 3156	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	95
PID 3392 wrote to memory of 4060	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	96
PID 3392 wrote to memory of 4060	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	96
PID 3392 wrote to memory of 4060	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	96
PID 1696 wrote to memory of 3704	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	97
PID 1696 wrote to memory of 3704	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	97
PID 1696 wrote to memory of 3704	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	97
PID 2792 wrote to memory of 2940	2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	98
PID 2792 wrote to memory of 2940	2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	98
PID 2792 wrote to memory of 2940	2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	98
PID 1952 wrote to memory of 4376	1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	99
PID 1952 wrote to memory of 4376	1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	99
PID 1952 wrote to memory of 4376	1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	99
PID 4660 wrote to memory of 4488	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	100
PID 4660 wrote to memory of 4488	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	100
PID 4660 wrote to memory of 4488	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	100
PID 764 wrote to memory of 4140	764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	101
PID 764 wrote to memory of 4140	764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	101
PID 764 wrote to memory of 4140	764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	101
PID 1524 wrote to memory of 396	1524	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	102
PID 1524 wrote to memory of 396	1524	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	102
PID 1524 wrote to memory of 396	1524	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	102
PID 3392 wrote to memory of 2068	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	103
PID 3392 wrote to memory of 2068	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	103
PID 3392 wrote to memory of 2068	3392	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	103
PID 3968 wrote to memory of 3880	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	104
PID 3968 wrote to memory of 3880	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	104
PID 3968 wrote to memory of 3880	3968	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	104
PID 1696 wrote to memory of 3592	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	105
PID 1696 wrote to memory of 3592	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	105
PID 1696 wrote to memory of 3592	1696	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	105
PID 4660 wrote to memory of 668	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	106
PID 4660 wrote to memory of 668	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	106
PID 4660 wrote to memory of 668	4660	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	106
PID 1952 wrote to memory of 4728	1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	107
PID 1952 wrote to memory of 4728	1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	107
PID 1952 wrote to memory of 4728	1952	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	107
PID 2792 wrote to memory of 1816	2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	108
PID 2792 wrote to memory of 1816	2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	108
PID 2792 wrote to memory of 1816	2792	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	108
PID 764 wrote to memory of 1580	764	2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        9⤵
        
        PID:20052
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:20644
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:20636
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:19728
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20504
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:20496
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20620
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:19964
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19544
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20824
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:18896
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:18864
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:20816
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19632
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19488
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20036
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19844
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19932
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20028
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:18412
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19032
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19908
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20208
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:19688
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19624
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19528
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19980
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20412
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20392
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19308
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20692
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20192
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19948
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20436
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19008
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19792
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19720
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19520
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20764
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:21624
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:18816
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20336
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19892
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:18824
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19104
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20612
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:19996
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20356
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20676
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19752
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19876
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19136
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19052
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20592
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19664
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19640
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:23916
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20840
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20708
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:18780
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20168
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20748
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19804
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:18720
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:21140
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19884
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19096
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20792
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19264
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:18848
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19512
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19736
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19916
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:21632
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19820
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20724
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20660
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20668
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19608
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19696
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:17276
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20200
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19044
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19300
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19408
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:13728
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:18888
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:23908
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20732
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:21648
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20216
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19988
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:21132
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:20044
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20012
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20232
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19248
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20652
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:18808
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19924
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20604
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19784
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:21656
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20244
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20756
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20176
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19536
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20220
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:18880
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20488
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:18800
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19080
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19392
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:17196
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19704
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:23900
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19568
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19772
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:18856
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20452
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19940
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19400
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:13976
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:19560
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:764
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        7⤵
        
        PID:19828
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19900
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19616
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20184
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19552
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:18840
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20800
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20004
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19584
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13984
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19836
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19504
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19860
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:20444
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19600
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:18828
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19672
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20700
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:18940
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19812
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19496
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:14160
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:20740
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        6⤵
        
        PID:19956
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19648
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:20404
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19744
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20628
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:21640
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19760
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:21616
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19852
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19768
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20428
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19576
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:18920
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:14404
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:20420
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19656
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
        5⤵
        
        PID:19256
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:19680
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20460
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:15812
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:20832
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:18420
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:14396
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:20384
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
      4⤵
      PID:1300
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:14412
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:20716
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  PID:6456
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:19712
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  PID:9004
- - C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
    3⤵
    PID:19972
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  PID:13968
- C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\2482a144320b637120402687cf75dbd0_NeikiAnalytics.exe"
  2⤵
  PID:19592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese kicking blowjob girls young .mpg.exe

Filesize
1.6MB

MD5
fad66049629474b43839dc1f126c84e9

SHA1
6afe629ded349276d432cf088299a68bbce86ab9

SHA256
613ee7ba91c1ff1a1891f120abd03316f8c32ac9e2dff189c3e1d55ca26c44d5

SHA512
1b236155c99e1c09f8f35985a542864f9208c64bd059d5184469b5c999beeddae7ea71a174c4f6300a0ea58c5792b4ffe830722bc700268ae449a45779861af5

Download Submit