77c700bc548a98308e6ad79b95003327c72f40134b32eb7c1baba2178eff8da4

Analysis

max time kernel
12s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Size

1.6MB
MD5

08e5213d2dc7a975954b41606a430a10
SHA1

6d371cf864dc55837eb135daf566c82483a99ee2
SHA256

77c700bc548a98308e6ad79b95003327c72f40134b32eb7c1baba2178eff8da4
SHA512

75e484d15d07b1bd21a41215de330c0fe6cd84874fdb698760d0a99d97296092883b20f4615788fcc85411c7dd3c3eea53e4faf13733a9e4774bb002941a9fc4
SSDEEP

49152:s4H/Mi8QAESDFuyUoz2zb0ypHgjM/kKHIp:s2/MijIFuIzwbxpHiMsKHIp

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/432-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x0007000000023426-5.dat	upx
behavioral2/memory/1896-34-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3600-152-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/648-153-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2720-179-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4304-180-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3300-181-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3804-182-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/532-184-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/452-183-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/432-185-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1896-186-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3600-187-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4436-189-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/648-188-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2720-190-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4412-193-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4304-192-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3300-194-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2936-195-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4608-197-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3804-196-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/452-198-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2468-201-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1848-200-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/532-199-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4524-202-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1516-204-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1260-203-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5388-219-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5380-218-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5372-217-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5348-216-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5340-215-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5324-214-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5332-220-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5356-221-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5396-223-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5364-222-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5308-213-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5300-212-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5292-211-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5276-210-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5268-209-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2468-208-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6288-229-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6236-228-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6332-230-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6480-234-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6448-233-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6428-232-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6344-231-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6580-236-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6436-235-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6808-260-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6176-263-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/7128-264-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6288-267-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/7324-266-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6204-265-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6964-262-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6824-261-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/6920-259-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\G:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\O:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\M:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\T:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\V:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\W:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\X:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\A:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\E:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\H:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\I:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\K:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\L:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\J:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\N:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\P:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\R:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\S:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File opened (read-only)	\??\U:	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\fucking fucking full movie hole pregnant (Karin).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish horse [bangbus] hole 40+ (Jade,Jade).avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\african hardcore fucking licking .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\xxx xxx hot (!) glans .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian gang bang catfight boobs swallow .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian blowjob animal [milf] nipples sweet .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\cum [bangbus] black hairunshaved .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish cum lesbian upskirt .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french horse fucking hot (!) .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian lesbian [free] high heels .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beastiality bukkake lesbian .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian lingerie hot (!) .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\chinese fucking animal masturbation glans pregnant (Jenna,Kathrin).mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\malaysia horse voyeur balls (Curtney).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\xxx [bangbus] hotel .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\trambling bukkake licking cock shower (Gina,Sonja).mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish sperm fucking lesbian glans sweet .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse lesbian pregnant .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\black gay hot (!) cock .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\british lingerie sleeping ash .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\british hardcore nude hidden pregnant .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african horse porn lesbian .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\trambling sleeping vagina hairy .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\handjob cum several models vagina .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\german gang bang voyeur hole .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian handjob fucking catfight (Kathrin,Sonja).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\french animal full movie cock (Janette,Sonja).mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\xxx xxx several models hole balls .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9470.tmp\gay trambling voyeur (Samantha).zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian beastiality catfight (Melissa).avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american sperm fucking [bangbus] femdom .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\spanish fetish licking legs 40+ .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\german sperm trambling big titts 50+ (Karin).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\fucking catfight .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\asian nude sperm [milf] .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\indian sperm big titts 40+ .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\black lesbian bukkake public hairy (Anniston,Anniston).mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse handjob voyeur titts (Jade,Jade).avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\security\templates\tyrkish horse licking .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black beast beastiality sleeping vagina swallow .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\asian porn hot (!) beautyfull (Curtney).mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\american lingerie hardcore hot (!) penetration .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\swedish lingerie sleeping glans mature .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\blowjob horse big stockings .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\gang bang [milf] upskirt .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\asian lesbian uncut cock mistress .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\fetish handjob girls hole leather .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\beast beast catfight ¼ë .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\norwegian cum handjob uncut hole sm .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\blowjob hidden mature .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish horse full movie upskirt (Karin).mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\horse uncut .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\porn uncut sm (Jenna,Kathrin).mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cumshot big young .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\african horse big .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\animal full movie redhair .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\handjob fucking sleeping cock (Jenna,Sarah).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\chinese trambling voyeur ash young .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\lesbian action several models glans .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\trambling masturbation .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\gang bang fetish voyeur hole black hairunshaved .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\trambling [free] girly .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian action [milf] .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\lesbian girls swallow (Samantha).mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\gay porn licking glans blondie .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\french lingerie gay several models cock sm .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\canadian porn full movie boots (Samantha,Sonja).avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\spanish hardcore cum several models hotel (Liz,Liz).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\hardcore [free] feet circumcision (Jenna).mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\handjob beast big hotel .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\african horse masturbation fishy .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\british beast xxx full movie high heels .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\russian bukkake [free] .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\british horse gang bang sleeping sweet .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\american cumshot hot (!) .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\swedish lesbian xxx [milf] .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\japanese animal fucking [bangbus] lady .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\swedish handjob big vagina fishy .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\american horse voyeur bondage .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\canadian animal hidden balls (Anniston).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\french gang bang masturbation .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\cum [milf] hairy (Jade).mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\horse [bangbus] hairy .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\malaysia horse [milf] boobs circumcision .avi.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\sperm several models gorgeoushorny (Anniston,Sarah).mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\norwegian cum [bangbus] titts swallow .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\swedish sperm sperm licking legs .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\african lingerie beast [free] .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black trambling beast [bangbus] wifey (Melissa,Sonja).rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\spanish gang bang handjob big .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\spanish beastiality public glans .rar.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\action blowjob hidden boots .mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\brasilian action public boobs .mpeg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\brasilian cumshot kicking [milf] ash .zip.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french trambling animal sleeping nipples beautyfull (Anniston).mpg.exe	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4304	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4304	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2936	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2936	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3804	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3804	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
452	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
452	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
532	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
532	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4396	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4396	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1408	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
1408	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
436	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
436	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4436	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4436	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3616	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
3616	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4304	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
4304	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2936	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
2936	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 1896	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	87
PID 432 wrote to memory of 1896	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	87
PID 432 wrote to memory of 1896	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	87
PID 1896 wrote to memory of 3600	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	88
PID 1896 wrote to memory of 3600	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	88
PID 1896 wrote to memory of 3600	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	88
PID 432 wrote to memory of 648	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	89
PID 432 wrote to memory of 648	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	89
PID 432 wrote to memory of 648	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	89
PID 432 wrote to memory of 2720	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	93
PID 432 wrote to memory of 2720	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	93
PID 432 wrote to memory of 2720	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	93
PID 1896 wrote to memory of 4304	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	94
PID 1896 wrote to memory of 4304	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	94
PID 1896 wrote to memory of 4304	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	94
PID 648 wrote to memory of 3300	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	95
PID 648 wrote to memory of 3300	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	95
PID 648 wrote to memory of 3300	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	95
PID 3600 wrote to memory of 2936	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	96
PID 3600 wrote to memory of 2936	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	96
PID 3600 wrote to memory of 2936	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	96
PID 432 wrote to memory of 3804	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	100
PID 432 wrote to memory of 3804	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	100
PID 432 wrote to memory of 3804	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	100
PID 648 wrote to memory of 452	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	101
PID 648 wrote to memory of 452	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	101
PID 648 wrote to memory of 452	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	101
PID 2720 wrote to memory of 532	2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	102
PID 2720 wrote to memory of 532	2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	102
PID 2720 wrote to memory of 532	2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	102
PID 1896 wrote to memory of 4396	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	103
PID 1896 wrote to memory of 4396	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	103
PID 1896 wrote to memory of 4396	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	103
PID 3600 wrote to memory of 1408	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	104
PID 3600 wrote to memory of 1408	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	104
PID 3600 wrote to memory of 1408	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	104
PID 3300 wrote to memory of 436	3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	105
PID 3300 wrote to memory of 436	3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	105
PID 3300 wrote to memory of 436	3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	105
PID 4304 wrote to memory of 4436	4304	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	106
PID 4304 wrote to memory of 4436	4304	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	106
PID 4304 wrote to memory of 4436	4304	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	106
PID 2936 wrote to memory of 3616	2936	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	107
PID 2936 wrote to memory of 3616	2936	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	107
PID 2936 wrote to memory of 3616	2936	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	107
PID 3804 wrote to memory of 4412	3804	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	110
PID 3804 wrote to memory of 4412	3804	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	110
PID 3804 wrote to memory of 4412	3804	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	110
PID 432 wrote to memory of 320	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	111
PID 432 wrote to memory of 320	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	111
PID 432 wrote to memory of 320	432	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	111
PID 648 wrote to memory of 4284	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	112
PID 648 wrote to memory of 4284	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	112
PID 648 wrote to memory of 4284	648	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	112
PID 2720 wrote to memory of 4608	2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	113
PID 2720 wrote to memory of 4608	2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	113
PID 2720 wrote to memory of 4608	2720	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	113
PID 1896 wrote to memory of 1848	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	114
PID 1896 wrote to memory of 1848	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	114
PID 1896 wrote to memory of 1848	1896	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	114
PID 3600 wrote to memory of 2468	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	115
PID 3600 wrote to memory of 2468	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	115
PID 3600 wrote to memory of 2468	3600	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	115
PID 3300 wrote to memory of 1232	3300	08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:432
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:20672
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:25548
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:25160
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:25180
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:20616
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        9⤵
        
        PID:27136
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:23660
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:20640
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:24800
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:22360
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:28668
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:24860
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27220
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:23644
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:20048
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:27920
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:22116
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:29292
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:21596
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:29228
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:18612
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:25312
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20632
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:20272
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:28084
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:26468
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:23668
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18980
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18452
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:26488
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20564
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:26496
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:20820
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:25440
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:19408
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27712
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:28244
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:23824
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:18776
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27268
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:23676
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20656
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19748
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27960
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:22084
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:29316
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:19740
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27952
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20728
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:25072
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:24756
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20540
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19844
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24096
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:25204
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20516
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20720
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25044
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:22100
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:29284
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:26628
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:21588
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:28780
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:19044
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:26408
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:23652
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:19376
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27668
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:28252
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27112
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:24664
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:21528
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:29216
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:25188
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:22092
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:22404
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:24896
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27148
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24448
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:25212
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20648
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24940
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27260
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24764
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20040
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27976
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20032
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:28224
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20788
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:25572
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27456
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:22108
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:28940
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:25196
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20624
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:21992
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:18820
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:24744
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20752
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27104
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:23916
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:28284
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24692
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:11076
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24808
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:22640
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18604
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25816
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20532
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25008
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20736
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25464
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18796
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:22368
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:21512
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:28688
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:28276
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:24772
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20308
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:28068
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20264
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:22228
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:15128
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:22452
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:5984
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:648
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:436
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        8⤵
        
        PID:22260
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:22656
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:19392
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27732
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:27244
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:24604
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:20196
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:28004
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:26636
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:22648
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:26568
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20216
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19028
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:26452
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:22124
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:29300
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20804
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18768
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:26176
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:24648
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20704
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25424
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19932
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27984
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:21756
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18576
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:21480
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:28788
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:19712
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27936
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27212
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:29324
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20664
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19384
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27740
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:21320
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19232
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20780
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25388
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27236
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24056
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:29420
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:26168
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:22444
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27252
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24592
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24820
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:24064
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20796
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:28804
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20508
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:24980
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20744
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:25568
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:19016
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:11008
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20300
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:28076
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:13068
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:20680
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:22212
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:21536
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:28680
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        7⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:26184
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20688
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:25232
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19400
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:27724
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:19496
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:28624
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:22520
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:20712
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20548
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24976
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:18520
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:22504
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20608
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:25040
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:26460
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:22424
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25304
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:25172
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:21520
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:28796
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:20020
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27992
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27464
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27120
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:3712
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:19776
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:27968
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:24788
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:16216
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:23832
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3804
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:22512
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:18004
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24780
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:26544
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:23816
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24048
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27276
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:24040
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27228
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:24476
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:19784
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:28212
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:19732
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:27944
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:13392
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:20812
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:5144
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  PID:320
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:19756
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:27928
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20696
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:24956
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20524
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:3912
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:21468
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:5148
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:13352
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:17752
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7824
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  PID:5388
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
        5⤵
        
        PID:24676
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:20760
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:21808
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:18320
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:7780
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:6668
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:14964
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:21616
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:29308
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  PID:6884
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
      4⤵
      PID:15736
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:16032
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:22664
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  PID:8000
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:17604
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:27656
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  PID:12324
- - C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
    3⤵
    PID:27128
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  PID:16048
- C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\08e5213d2dc7a975954b41606a430a10_NeikiAnalytics.exe"
  2⤵
  PID:23840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african horse porn lesbian .mpg.exe

Filesize
1.9MB

MD5
95adebe5c7ba9965d9de6a5f2c4673fb

SHA1
7cc2ca5dc61beda22b7af86b9094ad624bc0118e

SHA256
8ebcaa58fe7769d820aab6fb9ff2e3f9ccebd6713275fcc2604f946f84dd8418

SHA512
77a8910052e62150a727c041edcb082a518b82791864c6d402eb253e403340a7a4c206dcc6424aad653d9de35f5d826061a36622e9688fa0bfb0ad5de1451c70

Download Submit
memory/432-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/432-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/452-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/452-183-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/532-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/532-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/648-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/648-153-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1260-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1516-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1848-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1896-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1896-34-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2468-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2468-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2720-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2720-179-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2936-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3300-181-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3300-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3600-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3600-152-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3804-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3804-182-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4304-180-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4304-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4412-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4436-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4524-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4608-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5268-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5268-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5276-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5276-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5292-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5292-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5300-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5300-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5308-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5308-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5324-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5324-214-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5332-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5332-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5340-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5340-215-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5348-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5348-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5356-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5356-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5364-251-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5364-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5372-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5372-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5380-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5380-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5388-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5388-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5396-252-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5396-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6176-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6204-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6236-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6288-267-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6288-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6332-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6344-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6428-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6436-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6448-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6480-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6580-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6688-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6792-253-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6800-254-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6808-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6816-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6824-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6856-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6884-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6904-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6920-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6964-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7128-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7324-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7600-284-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7668-285-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7688-286-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7700-287-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7708-289-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7716-290-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7740-288-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7880-300-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7888-301-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7936-302-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7944-303-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download