441ed400b566bc985d20a85adb60690c2f7a29c3d7486e432331b22c8283e496

Analysis

max time kernel
11s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Size

1.4MB
MD5

aac1a036a2c4e76de6d433773c8156a0
SHA1

4f8b7b3f6e4b18e4b702be36f93d260926f6cdc7
SHA256

441ed400b566bc985d20a85adb60690c2f7a29c3d7486e432331b22c8283e496
SHA512

48afe9c6750310466ca281d67bc2123f53f80d554971f72eaad43cc2e0e309716b299a7792fbf85614da222d2bb0601028f9d2ac7ffcdb0a941fab0c56812245
SSDEEP

24576:sSLW2SP5x6vmR7+tvZ05iXmCVO1S3xEmbiOwHkNxBZm5rhjfYjPvT7q:sCYx6v5i1bTOhHINhUjPv3q

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2532-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x00080000000235dc-5.dat	upx
behavioral2/memory/2232-66-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/912-157-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4508-158-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4572-175-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2296-177-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3748-176-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4164-180-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2872-187-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1468-188-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2372-190-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3576-189-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2532-191-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2232-192-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/912-193-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3312-194-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4508-195-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1740-198-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4572-197-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3748-199-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2296-200-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2408-203-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1988-201-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3212-208-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2372-210-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3576-209-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5028-207-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1468-206-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2872-205-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/624-204-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4164-202-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3312-211-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1692-212-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1988-218-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5436-217-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5428-216-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/624-219-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3212-221-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5028-220-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5476-222-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5260-223-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5436-224-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5896-230-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5548-231-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5832-229-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5532-225-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6388-239-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6492-244-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5532-243-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6372-241-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6608-250-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6596-249-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5548-248-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5896-247-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5832-246-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5540-245-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5516-240-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5492-238-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6420-242-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6336-237-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6352-235-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6344-234-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5456-233-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish fucking horse catfight boobs leather .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\horse lesbian hole ash .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\trambling full movie femdom .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\asian beast nude public (Liz,Jenna).mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american horse lingerie [free] titts ash .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\bukkake uncut high heels .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\porn fetish [free] .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish trambling kicking several models ash (Tatjana,Christine).mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\norwegian lesbian fucking public balls (Karin).rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish porn beast sleeping shower (Tatjana,Curtney).avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling hot (!) mature .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black action several models Œã .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\animal uncut .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\beastiality horse girls black hairunshaved (Karin,Janette).mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\cum [free] cock (Liz).mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian xxx hidden legs YEâPSè& .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian porn hot (!) (Karin).mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\xxx several models .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\canadian xxx full movie .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african fucking hardcore [milf] redhair .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian horse [bangbus] shoes .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\indian xxx sperm [milf] balls .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\fetish [free] (Anniston).zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\action hidden traffic .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\trambling lesbian public titts swallow .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum hot (!) sweet .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese kicking [free] feet .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian xxx [free] ash .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\african cumshot beast lesbian stockings .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian action public stockings .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{6BB39B16-79FA-4D8E-BB79-4EFE59F95F66}\EDGEMITMP_509DC.tmp\beast catfight legs mature .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\lesbian kicking big .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\german lesbian girls upskirt .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\kicking [bangbus] ash .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\kicking horse girls nipples .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\trambling uncut .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\swedish horse nude lesbian .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\russian kicking sperm hidden wifey .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\action horse sleeping ash YEâPSè& .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cumshot handjob masturbation boots .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\spanish nude girls ash .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\asian nude lingerie full movie leather .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\french fetish lesbian stockings .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\norwegian action sperm uncut upskirt .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\porn [bangbus] .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\french trambling voyeur femdom (Sonja).avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\sperm lesbian glans pregnant .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\xxx sleeping penetration (Karin,Anniston).mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\japanese beast [bangbus] mistress .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\italian sperm [bangbus] stockings (Jenna,Gina).avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\sperm horse big (Ashley).avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\porn [bangbus] .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\german cumshot lingerie hot (!) .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\tyrkish gay action girls hotel (Melissa).mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\norwegian blowjob cumshot full movie penetration (Sylvia).rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\handjob horse hot (!) .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\black kicking gang bang girls cock mistress .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\hardcore horse voyeur stockings .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\italian blowjob handjob lesbian (Janette).zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\malaysia animal hidden upskirt .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\swedish porn beast licking .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\german sperm gang bang [free] .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\french trambling beastiality catfight cock black hairunshaved .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\indian blowjob voyeur feet shower .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\danish trambling several models .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse gay [bangbus] circumcision (Curtney,Anniston).zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\canadian sperm hot (!) leather .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\lesbian [free] .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\british kicking sleeping boobs 40+ (Kathrin,Karin).mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\british kicking voyeur legs stockings .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\gay kicking lesbian ash .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\spanish trambling hidden 40+ .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\brasilian lingerie lesbian .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\italian gay several models (Ashley).zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\british sperm girls hole .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\italian horse uncut granny .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\lesbian lesbian blondie (Karin).zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\german beast sperm full movie .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\fetish lesbian boobs girly .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\german handjob cum big (Janette,Karin).mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\xxx handjob lesbian sweet (Liz,Jenna).mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\chinese beast beastiality voyeur nipples young (Britney,Curtney).rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese trambling big .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\tyrkish xxx trambling voyeur granny .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\indian gay action girls boobs boots .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\lingerie trambling public .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\fucking animal lesbian boobs .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\nude masturbation bedroom .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\cumshot beastiality licking titts penetration .zip.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\british gang bang lesbian .mpg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\lingerie blowjob [milf] hairy .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\kicking beastiality big titts mistress .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\german gay masturbation .rar.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\canadian horse fetish hot (!) .mpeg.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\american cum [bangbus] .avi.exe	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2872	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2872	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
1468	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
1468	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3576	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3576	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2372	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2372	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3124	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3124	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2976	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2976	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3312	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
3312	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
1692	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
1692	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2232	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	93
PID 2532 wrote to memory of 2232	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	93
PID 2532 wrote to memory of 2232	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	93
PID 2232 wrote to memory of 912	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	95
PID 2232 wrote to memory of 912	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	95
PID 2232 wrote to memory of 912	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	95
PID 2532 wrote to memory of 4508	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	96
PID 2532 wrote to memory of 4508	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	96
PID 2532 wrote to memory of 4508	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	96
PID 2232 wrote to memory of 4572	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	98
PID 2232 wrote to memory of 4572	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	98
PID 2232 wrote to memory of 4572	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	98
PID 2532 wrote to memory of 3748	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	99
PID 2532 wrote to memory of 3748	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	99
PID 2532 wrote to memory of 3748	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	99
PID 912 wrote to memory of 2296	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	100
PID 912 wrote to memory of 2296	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	100
PID 912 wrote to memory of 2296	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	100
PID 4508 wrote to memory of 4164	4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	101
PID 4508 wrote to memory of 4164	4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	101
PID 4508 wrote to memory of 4164	4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	101
PID 2232 wrote to memory of 2872	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	102
PID 2232 wrote to memory of 2872	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	102
PID 2232 wrote to memory of 2872	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	102
PID 912 wrote to memory of 1468	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	103
PID 912 wrote to memory of 1468	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	103
PID 912 wrote to memory of 1468	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	103
PID 4572 wrote to memory of 3576	4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	104
PID 4572 wrote to memory of 3576	4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	104
PID 4572 wrote to memory of 3576	4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	104
PID 2532 wrote to memory of 2372	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	105
PID 2532 wrote to memory of 2372	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	105
PID 2532 wrote to memory of 2372	2532	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	105
PID 3748 wrote to memory of 3124	3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	106
PID 3748 wrote to memory of 3124	3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	106
PID 3748 wrote to memory of 3124	3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	106
PID 4508 wrote to memory of 2976	4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	107
PID 4508 wrote to memory of 2976	4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	107
PID 4508 wrote to memory of 2976	4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	107
PID 2296 wrote to memory of 3312	2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	108
PID 2296 wrote to memory of 3312	2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	108
PID 2296 wrote to memory of 3312	2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	108
PID 4164 wrote to memory of 1692	4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	109
PID 4164 wrote to memory of 1692	4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	109
PID 4164 wrote to memory of 1692	4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	109
PID 2232 wrote to memory of 1740	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	110
PID 2232 wrote to memory of 1740	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	110
PID 2232 wrote to memory of 1740	2232	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	110
PID 912 wrote to memory of 3716	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	111
PID 912 wrote to memory of 3716	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	111
PID 912 wrote to memory of 3716	912	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	111
PID 4572 wrote to memory of 1988	4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	112
PID 4572 wrote to memory of 1988	4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	112
PID 4572 wrote to memory of 1988	4572	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	112
PID 2296 wrote to memory of 2408	2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	114
PID 2296 wrote to memory of 2408	2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	114
PID 2296 wrote to memory of 2408	2296	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	114
PID 4164 wrote to memory of 624	4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	115
PID 4164 wrote to memory of 624	4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	115
PID 4164 wrote to memory of 624	4164	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	115
PID 3748 wrote to memory of 4700	3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	117
PID 3748 wrote to memory of 4700	3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	117
PID 3748 wrote to memory of 4700	3748	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	117
PID 4508 wrote to memory of 5028	4508	aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        9⤵
        
        PID:25676
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:20692
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:22020
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:27604
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:25148
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:21812
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:25980
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:22604
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:20576
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:23628
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:22100
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19316
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:22780
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:20700
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:23980
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:20264
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:25252
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:23336
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:20592
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:18932
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22556
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:22076
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:20732
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:21500
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:25164
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:22068
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:25704
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:27460
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:25064
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:19648
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:23972
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:20600
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23608
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19556
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:26276
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22548
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20716
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:23296
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:25612
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:22116
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:20356
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:21968
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:21112
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:26284
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:25024
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:26464
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:25728
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19500
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:24200
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:24952
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23956
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:21488
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:26324
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20524
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:22532
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:20288
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:26160
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22524
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:19524
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:23964
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:25736
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:20708
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:22628
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19624
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23656
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:19384
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:25712
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:21228
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22036
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22596
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:20532
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23664
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19548
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:26268
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23648
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23028
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:23620
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22572
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:20060
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:26124
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:19532
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:26336
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:22612
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:12928
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:17492
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:25912
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        8⤵
        
        PID:27612
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:25412
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:18232
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:26316
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:22092
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:22052
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:26544
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:22356
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:20816
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23304
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22124
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20548
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:21924
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19840
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22044
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:21820
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20116
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23020
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20724
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22264
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:26472
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:24392
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:19776
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22060
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:21136
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:19372
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:21828
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:19508
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22168
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:26484
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22564
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20540
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20452
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:26552
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:19908
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:26144
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:16388
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:24644
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:23328
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:21944
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:13992
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:20364
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3748
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:20676
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:23320
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:20516
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:27636
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:25420
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22028
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22196
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22580
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:14756
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:20824
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:19320
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:19540
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:164
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:21040
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:25808
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22620
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:19452
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:20184
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6676
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:27308
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:17400
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:25620
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        6⤵
        
        PID:22132
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:20244
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:21120
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:27452
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:25172
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:23312
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:26152
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:22400
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:20584
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:27628
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:25844
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:22588
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:13836
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:19516
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  PID:3212
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
        5⤵
        
        PID:25720
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:20880
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:26560
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:6532
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:12916
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:17512
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:25896
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  PID:5492
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:21936
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
      4⤵
      PID:22540
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:14936
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:20684
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  PID:7192
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:17000
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:23232
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  PID:8556
- - C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
    3⤵
    PID:22108
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  PID:13172
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  PID:18356
- C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac1a036a2c4e76de6d433773c8156a0_NeikiAnalytics.exe"
  2⤵
  PID:27300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4196,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
1⤵
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african fucking hardcore [milf] redhair .rar.exe

Filesize
985KB

MD5
7a32b46c2df55a596bdac54cd1671997

SHA1
2991a6fdb34d627504a1cfe4eccd0394c9e59b23

SHA256
3dccb86bf192f16249e72139fea6de32c6f1a852b2d3651cf8864fe0ecf93ab4

SHA512
edef9298d376200d0e2a94894700010d45b6fc8b82b56a9fddae53c67f859ba86c77dece83fbdb52b554bb21a8839745d38e39ca5d4fba22b8a5c04f151099ec

Download Submit
memory/624-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/624-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/912-157-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/912-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1468-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1468-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1508-304-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1692-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1740-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1988-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1988-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2232-66-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2232-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2296-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2296-177-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2408-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2532-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2532-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2872-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2872-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3028-291-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3212-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3212-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3312-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3312-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3576-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3576-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3748-176-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3748-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4164-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4164-180-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4508-158-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4508-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4572-175-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4572-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5028-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5028-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5260-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5428-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5436-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5436-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5456-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5476-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5492-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5516-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5532-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5532-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5540-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5548-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5548-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5832-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5832-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5896-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5896-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6148-286-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6148-301-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6216-302-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6216-287-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6236-307-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6248-305-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6336-253-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6336-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6344-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6352-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6372-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6380-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6380-252-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6388-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6420-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6444-306-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6492-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6596-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6608-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6780-251-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7096-292-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7096-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7104-297-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7104-282-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7112-283-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7112-298-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7120-299-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7120-284-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7128-279-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7128-294-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7136-293-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7136-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7144-281-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7144-296-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7152-280-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7152-295-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7160-285-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7160-300-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7184-303-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/8072-290-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download