4d3ceab2cf2f873f2169f381db1eaa4633a66c564409167a19017f1de69fcf70

Analysis

max time kernel
15s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Size

2.0MB
MD5

45dbb8dce98cdc1487f3f769107eea70
SHA1

06a01bc01338c5c0b6e17c57efe1eba7eaaaa240
SHA256

4d3ceab2cf2f873f2169f381db1eaa4633a66c564409167a19017f1de69fcf70
SHA512

1d36a1627f95648b0b8378a6dec16feaa932a4f5736ee772fe2bb2a97433444f5e7a5db353387e5b4b427a70302937abdb0871214e8969190d7993118e81fa43
SSDEEP

49152:5qFw8czU/QsDC3FDDe19sR2Q0KvDR8f6EssGN7dXbaqEiSXs:wFwSQs8C9sdGG7z4Xs

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\G:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\K:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\T:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\U:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\V:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\I:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\N:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\R:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\J:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\S:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\X:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\B:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\E:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\H:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\L:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\M:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\O:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\P:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File opened (read-only)	\??\W:	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\italian gang bang trambling public (Liz).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese action lingerie big .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian licking .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian cumshot hardcore hidden bondage .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\blowjob sleeping cock .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob girls glans girly .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob licking traffic .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lesbian catfight hole fishy .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\hardcore sleeping young .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish beastiality beast uncut glans .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american cumshot gay several models .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie lesbian circumcision .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\japanese beastiality gay [milf] .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian handjob lesbian uncut titts (Sonja,Curtney).avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lingerie hidden titts .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{6BB39B16-79FA-4D8E-BB79-4EFE59F95F66}\EDGEMITMP_509DC.tmp\gay hot (!) hole boots .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\russian nude bukkake [free] (Sarah).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\hardcore [free] glans .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\japanese fetish blowjob lesbian latex .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\horse sleeping titts wifey .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian horse xxx voyeur shoes .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian handjob lesbian lesbian redhair (Kathrin,Karin).mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian animal lesbian full movie beautyfull (Christine,Samantha).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish horse lesbian girls feet girly .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\swedish kicking sperm voyeur traffic .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob [free] feet lady .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude beast public cock redhair .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\bukkake voyeur stockings .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german fucking hidden shoes (Sonja,Jade).rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black action lesbian public glans gorgeoushorny .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian gang bang sperm hot (!) .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\swedish porn blowjob hot (!) .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\black nude lingerie hot (!) traffic (Sandy,Janette).mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\nude bukkake girls 50+ .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\danish cumshot beast [bangbus] feet balls .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american gang bang trambling [milf] feet (Anniston,Melissa).zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\danish animal lesbian catfight .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\action beast hidden .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\beast big titts boots .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\beastiality bukkake [bangbus] swallow .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\tyrkish horse hardcore lesbian (Janette).avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\beastiality lesbian lesbian gorgeoushorny .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\italian handjob xxx [milf] (Sarah).zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian animal fucking lesbian glans .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\handjob fucking voyeur cock circumcision (Tatjana).zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\cumshot sperm several models cock shower .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\horse sleeping (Sylvia).rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\sperm voyeur glans .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\british sperm girls .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\fucking hot (!) penetration .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\german bukkake uncut 50+ .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\chinese blowjob several models feet 50+ .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\lingerie catfight titts latex .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\hardcore [milf] (Sylvia).mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\brasilian porn beast sleeping titts .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\danish animal bukkake public glans .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\brasilian beastiality fucking hidden (Curtney).avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\nude horse licking femdom .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\norwegian fucking several models (Samantha).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\french lesbian masturbation (Melissa).rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\german horse hidden glans swallow .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\porn fucking masturbation hole beautyfull (Jade).rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\chinese beast catfight glans .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\tyrkish beastiality trambling [free] black hairunshaved .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\black nude lesbian lesbian glans circumcision .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\blowjob uncut .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\fetish trambling [bangbus] upskirt (Ashley,Sylvia).rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\nude hardcore several models young .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\norwegian hardcore full movie mature .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\beast big .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\japanese cum horse licking hotel .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\russian porn fucking [bangbus] .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\swedish cum blowjob hot (!) young .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie uncut swallow .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish action bukkake [milf] (Karin).mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob public wifey (Sonja,Liz).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\action fucking full movie glans black hairunshaved (Tatjana).rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\japanese cum hardcore masturbation cock (Sandy,Curtney).rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\italian porn gay sleeping blondie (Britney,Janette).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay lesbian hole .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\blowjob [bangbus] feet shower (Karin).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian [bangbus] titts blondie .rar.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\bukkake catfight hole mistress (Samantha).mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\american handjob sperm public (Janette).zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\british fucking big bedroom .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\danish handjob lingerie [free] glans .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\canadian sperm masturbation swallow .mpeg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black gang bang xxx sleeping shoes (Sonja,Curtney).zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american horse beast catfight bondage .zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\norwegian horse hot (!) cock (Sonja,Tatjana).zip.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\nude horse lesbian gorgeoushorny (Anniston,Liz).mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\horse public bondage .mpg.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\animal xxx sleeping cock .avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\gang bang trambling licking black hairunshaved (Sandy,Sylvia).avi.exe	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3856	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3856	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1952	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1952	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3904	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3904	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3376	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3376	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4928	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4928	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3044	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3044	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1420	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1420	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1120	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1120	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3096	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3096	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3856	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
3856	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
2524	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
2524	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1952	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1952	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1220	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
1220	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 1512	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	92
PID 4216 wrote to memory of 1512	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	92
PID 4216 wrote to memory of 1512	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	92
PID 4216 wrote to memory of 4172	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	95
PID 4216 wrote to memory of 4172	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	95
PID 4216 wrote to memory of 4172	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	95
PID 1512 wrote to memory of 3936	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	96
PID 1512 wrote to memory of 3936	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	96
PID 1512 wrote to memory of 3936	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	96
PID 4216 wrote to memory of 3884	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	99
PID 4216 wrote to memory of 3884	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	99
PID 4216 wrote to memory of 3884	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	99
PID 1512 wrote to memory of 1532	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	100
PID 1512 wrote to memory of 1532	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	100
PID 1512 wrote to memory of 1532	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	100
PID 3936 wrote to memory of 3856	3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	101
PID 3936 wrote to memory of 3856	3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	101
PID 3936 wrote to memory of 3856	3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	101
PID 4172 wrote to memory of 1952	4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	102
PID 4172 wrote to memory of 1952	4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	102
PID 4172 wrote to memory of 1952	4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	102
PID 1512 wrote to memory of 3904	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	103
PID 1512 wrote to memory of 3904	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	103
PID 1512 wrote to memory of 3904	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	103
PID 4216 wrote to memory of 3376	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	104
PID 4216 wrote to memory of 3376	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	104
PID 4216 wrote to memory of 3376	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	104
PID 3884 wrote to memory of 4928	3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	105
PID 3884 wrote to memory of 4928	3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	105
PID 3884 wrote to memory of 4928	3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	105
PID 1532 wrote to memory of 3044	1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	106
PID 1532 wrote to memory of 3044	1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	106
PID 1532 wrote to memory of 3044	1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	106
PID 3936 wrote to memory of 1420	3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	107
PID 3936 wrote to memory of 1420	3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	107
PID 3936 wrote to memory of 1420	3936	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	107
PID 3856 wrote to memory of 1120	3856	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	108
PID 3856 wrote to memory of 1120	3856	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	108
PID 3856 wrote to memory of 1120	3856	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	108
PID 4172 wrote to memory of 3096	4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	109
PID 4172 wrote to memory of 3096	4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	109
PID 4172 wrote to memory of 3096	4172	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	109
PID 1952 wrote to memory of 2524	1952	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	110
PID 1952 wrote to memory of 2524	1952	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	110
PID 1952 wrote to memory of 2524	1952	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	110
PID 1512 wrote to memory of 1220	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	111
PID 1512 wrote to memory of 1220	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	111
PID 1512 wrote to memory of 1220	1512	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	111
PID 3904 wrote to memory of 4792	3904	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	112
PID 3904 wrote to memory of 4792	3904	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	112
PID 3904 wrote to memory of 4792	3904	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	112
PID 4216 wrote to memory of 1588	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	113
PID 4216 wrote to memory of 1588	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	113
PID 4216 wrote to memory of 1588	4216	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	113
PID 3376 wrote to memory of 2692	3376	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	114
PID 3376 wrote to memory of 2692	3376	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	114
PID 3376 wrote to memory of 2692	3376	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	114
PID 3884 wrote to memory of 1172	3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	115
PID 3884 wrote to memory of 1172	3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	115
PID 3884 wrote to memory of 1172	3884	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	115
PID 1532 wrote to memory of 1280	1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	116
PID 1532 wrote to memory of 1280	1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	116
PID 1532 wrote to memory of 1280	1532	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	116
PID 3044 wrote to memory of 1096	3044	45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15380
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:15244
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14508
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:18356
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16440
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14964
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:15420
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16100
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:12176
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:16464
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4172
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        8⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:19952
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12056
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:15156
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14780
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14492
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16424
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16252
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16432
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:12080
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:15236
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3884
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14760
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:15204
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:17072
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:10576
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:11856
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:14656
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3376
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        6⤵
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14600
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:15472
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14824
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:11976
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:14772
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  PID:1588
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
        5⤵
        
        PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14952
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:16180
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
      4⤵
      PID:14516
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:11992
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:15212
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  PID:5384
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:12232
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:15444
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  PID:6600
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:16276
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  PID:8072
- - C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
    3⤵
    PID:15372
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  PID:11008
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  PID:11840
- C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45dbb8dce98cdc1487f3f769107eea70_NeikiAnalytics.exe"
  2⤵
  PID:14608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3756,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:8
1⤵
PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude beast public cock redhair .rar.exe

Filesize
169KB

MD5
b0f974082d691a22b6e147a85d7e3764

SHA1
2fddb6d4a6ecec3006350f9625c2e5dd2e03cbfd

SHA256
7f26a35c38dbf81890511133fde99814947e3a2f391d7db4493795a6c4f71f49

SHA512
89b514625a4881d7bc8af3533447e37fab1735d2c5ce190743395dfba3fec1decbae5696acff608491384a9d51b78fd93eb41c069825bdc138703df8166b47b6

Download Submit
C:\debug.txt

Filesize
146B

MD5
7eb00d0eaf05fac09b55d63c63c918e0

SHA1
8e231722773e4fcdf9efa6c44917f1e77345ead0

SHA256
40769e4f6986aaf2cfcf6740c26fc4c2536b3c8243939054fe768e11a5e91c36

SHA512
32696cb45e454e24bdeb226e3275b0b454d0ea1511f34b6235ac13ce9bb6abeb2f30ce08ad20635b6e9f01e2f5fcb8cde1da18697c4fd90dcf2f1741ec397444

Download Submit