07286691f32c8ddef4751b8bcdb641e2016d1f13312ef02576ce1ff1450a0cd5

Analysis

max time kernel
11s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Size

1.1MB
MD5

cf23c3cac9c5eda1b2810d90fefa7e10
SHA1

c562db81e4750235af84ea8ec67d2201dbc13f82
SHA256

07286691f32c8ddef4751b8bcdb641e2016d1f13312ef02576ce1ff1450a0cd5
SHA512

dec118717e068949a5c198e120c0572f6c1b491ee05b921acf21e4a8213719e70ea7f255539e5ac258ce9d3161779f10658deb213ffc77e208016fac6b49d721
SSDEEP

24576:oWGEFW2ImNZLfWq6JB0yfS4+fcTU1urB54Qp8iFzLAT:VG2WGTWb92ul54Qp8is

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\K:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\O:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\S:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\B:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\H:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\P:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\X:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\I:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\L:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\R:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\U:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\V:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\A:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\E:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\G:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\M:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\N:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\T:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File opened (read-only)	\??\W:	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\british horse uncut titts (Sonja,Curtney).mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish gang bang beast big glans .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish animal hardcore licking penetration (Anniston,Karin).mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore uncut .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\trambling licking glans swallow .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian gang bang horse sleeping feet circumcision (Janette).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian handjob horse full movie bedroom .mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\black animal trambling girls cock boots .mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx hot (!) feet femdom .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian horse xxx lesbian titts young .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake uncut (Tatjana).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian kicking horse public girly .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish beastiality blowjob voyeur titts .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian gang bang blowjob public .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\malaysia gay hot (!) hairy .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish animal lesbian voyeur granny .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\italian action sperm [milf] (Sarah).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\sperm full movie titts balls .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish nude sperm several models hole sm .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\gay girls high heels (Anniston,Sarah).mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\trambling [milf] cock 40+ .mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm uncut shower .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish nude beast girls 40+ .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast catfight (Melissa).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\black nude lingerie sleeping hole .mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake girls .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese fetish xxx hidden glans ash .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\fucking hidden ejaculation .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\black handjob beast hot (!) titts .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\black animal horse uncut .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe

Drops file in Windows directory 49 IoCs

description	ioc	Process
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\indian cumshot lingerie [bangbus] feet YEâPSè& (Tatjana).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\asian sperm licking .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\porn blowjob [milf] (Janette).avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\gang bang blowjob uncut feet fishy .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm catfight feet balls .mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\cumshot fucking masturbation (Curtney).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\cum beast girls hole black hairunshaved (Tatjana).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\spanish blowjob public hole castration (Samantha).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\italian action lingerie uncut hole (Anniston,Jade).mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\fucking licking .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\swedish animal beast [bangbus] .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\italian beastiality blowjob [milf] .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\fetish sperm [free] (Karin).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\gay [bangbus] (Janette).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\malaysia sperm masturbation .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian handjob gay [bangbus] titts .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie catfight hole .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish handjob sperm voyeur beautyfull .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\italian action blowjob catfight feet hotel .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\spanish gay [milf] (Melissa).avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\cumshot lingerie masturbation castration .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\american cumshot gay uncut shoes .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\security\templates\russian kicking hardcore lesbian mature .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish kicking trambling [bangbus] .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\beast public glans granny .avi.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\japanese horse sperm girls leather .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american nude fucking hidden titts blondie (Sarah).mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian cum trambling several models lady .mpg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\african xxx full movie .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american porn xxx voyeur (Janette).mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian cum bukkake lesbian titts .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\hardcore catfight hole .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese action blowjob big cock .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese fetish xxx sleeping (Sylvia).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish cum lingerie catfight .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\action horse [bangbus] titts .mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\swedish handjob beast licking .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian beastiality hardcore masturbation (Sarah).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\american porn beast girls black hairunshaved (Anniston,Samantha).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\spanish beast public cock black hairunshaved .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\german xxx sleeping stockings .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian fetish hardcore public 40+ .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\french fucking catfight titts boots (Melissa).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\spanish bukkake full movie young .rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling [bangbus] shoes (Britney,Liz).rar.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian cumshot blowjob public high heels .mpeg.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\bukkake public feet balls .zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\chinese trambling [milf] titts (Sandy,Curtney).zip.exe	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3308	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3308	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3408	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3408	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
912	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
912	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4784	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4784	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3364	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3364	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
1580	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
1580	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4484	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4484	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4344	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4344	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
212	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4880	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
212	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
4880	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
1800	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
1800	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3308	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3308	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3408	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
3408	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
912	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
912	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 2180	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	88
PID 4804 wrote to memory of 2180	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	88
PID 4804 wrote to memory of 2180	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	88
PID 2180 wrote to memory of 2816	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	89
PID 2180 wrote to memory of 2816	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	89
PID 2180 wrote to memory of 2816	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	89
PID 4804 wrote to memory of 3036	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	90
PID 4804 wrote to memory of 3036	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	90
PID 4804 wrote to memory of 3036	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	90
PID 2180 wrote to memory of 4208	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	91
PID 2180 wrote to memory of 4208	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	91
PID 2180 wrote to memory of 4208	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	91
PID 4804 wrote to memory of 3308	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	92
PID 4804 wrote to memory of 3308	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	92
PID 4804 wrote to memory of 3308	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	92
PID 2816 wrote to memory of 3408	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	93
PID 2816 wrote to memory of 3408	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	93
PID 2816 wrote to memory of 3408	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	93
PID 3036 wrote to memory of 912	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	94
PID 3036 wrote to memory of 912	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	94
PID 3036 wrote to memory of 912	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	94
PID 2180 wrote to memory of 4784	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	95
PID 2180 wrote to memory of 4784	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	95
PID 2180 wrote to memory of 4784	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	95
PID 4804 wrote to memory of 3364	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	96
PID 4804 wrote to memory of 3364	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	96
PID 4804 wrote to memory of 3364	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	96
PID 4208 wrote to memory of 1580	4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	97
PID 4208 wrote to memory of 1580	4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	97
PID 4208 wrote to memory of 1580	4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	97
PID 3036 wrote to memory of 4484	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	98
PID 3036 wrote to memory of 4484	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	98
PID 3036 wrote to memory of 4484	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	98
PID 2816 wrote to memory of 4344	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	99
PID 2816 wrote to memory of 4344	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	99
PID 2816 wrote to memory of 4344	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	99
PID 3308 wrote to memory of 4880	3308	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	100
PID 3308 wrote to memory of 4880	3308	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	100
PID 3308 wrote to memory of 4880	3308	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	100
PID 3408 wrote to memory of 1800	3408	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	101
PID 3408 wrote to memory of 1800	3408	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	101
PID 3408 wrote to memory of 1800	3408	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	101
PID 912 wrote to memory of 212	912	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	102
PID 912 wrote to memory of 212	912	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	102
PID 912 wrote to memory of 212	912	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	102
PID 4784 wrote to memory of 4176	4784	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	103
PID 4784 wrote to memory of 4176	4784	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	103
PID 4784 wrote to memory of 4176	4784	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	103
PID 2180 wrote to memory of 3560	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	104
PID 2180 wrote to memory of 3560	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	104
PID 2180 wrote to memory of 3560	2180	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	104
PID 4208 wrote to memory of 1924	4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	105
PID 4208 wrote to memory of 1924	4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	105
PID 4208 wrote to memory of 1924	4208	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	105
PID 4804 wrote to memory of 4476	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	106
PID 4804 wrote to memory of 4476	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	106
PID 4804 wrote to memory of 4476	4804	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	106
PID 3036 wrote to memory of 5004	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	107
PID 3036 wrote to memory of 5004	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	107
PID 3036 wrote to memory of 5004	3036	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	107
PID 2816 wrote to memory of 2876	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	108
PID 2816 wrote to memory of 2876	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	108
PID 2816 wrote to memory of 2876	2816	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	108
PID 3364 wrote to memory of 5008	3364	cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        8⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        8⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14880
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:18472
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:18608
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14480
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:15948
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:13672
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14200
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14444
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:10496
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:14856
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:16840
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:17896
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14452
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16516
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:15176
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:16428
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:11100
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:15524
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:14512
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:18600
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16112
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14844
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:12516
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:17948
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:11760
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:16912
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3364
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:13504
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:16740
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:11380
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:16700
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  PID:4476
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:15532
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:17148
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:17684
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:12348
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:17676
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  PID:3748
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:9720
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:13836
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  PID:6092
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:11692
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:16920
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  PID:7988
- - C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
    3⤵
    PID:14544
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  PID:10896
- C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\cf23c3cac9c5eda1b2810d90fefa7e10_NeikiAnalytics.exe"
  2⤵
  PID:15388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish beastiality blowjob voyeur titts .zip.exe

Filesize
852KB

MD5
cb6d1c2be99abcb6d00e4588993435b3

SHA1
c1889b3e0dcc4906b1e9937235ce0c7a7f18e28c

SHA256
7c4a216452b853ab558e3b94446d5fd1a70b596a8f716d4c0f2072dd2593002b

SHA512
29b0fb787d68bd2def1049f26c8a8a220724f7d8ab3a28a55d3118e4c3c2667c1c4508bfff49e5aa4c70af9515ab010b2fc90d778f88867d90ddb998ece0d22c

Download Submit
memory/212-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/912-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1560-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1580-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1644-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1696-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1800-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2120-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2180-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2248-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2320-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2472-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2524-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2816-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2816-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2876-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3036-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3036-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3100-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3308-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3308-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3364-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3408-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4176-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4208-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4208-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4372-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4472-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4484-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4500-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4536-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4576-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4784-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4804-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4804-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5008-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5224-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5264-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5272-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5356-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5380-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5612-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5668-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5752-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5768-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5916-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5972-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5980-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6000-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6092-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6164-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6256-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6260-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6268-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6276-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6544-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6588-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6636-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6680-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6692-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6728-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6944-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7044-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7072-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7096-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7132-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7196-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7360-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7392-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7504-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7572-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7580-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7676-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7684-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7820-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7828-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7980-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7988-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8028-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8048-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8060-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8068-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8104-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8128-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8220-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8304-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8312-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8328-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8432-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8556-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8612-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8620-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8912-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9104-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9220-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9236-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download