f2e3094b08c3842d25211e4ed41d193507c4492dfcbf66d55519545a28c65b9c

Analysis

max time kernel
14s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Size

999KB
MD5

202f133d6daf299a84bbdd671a076ff0
SHA1

499815bb5f984f0d1081581fc0d6a8611c80835f
SHA256

f2e3094b08c3842d25211e4ed41d193507c4492dfcbf66d55519545a28c65b9c
SHA512

312f186870b4f626fe8163e7947f7f3bdc17b0b315f47b54d4e51c28c2c43238d83c470467921a3bf005e7cbe2fcb18cc498d1e2ea55ded1795279882c533b8a
SSDEEP

24576:86SzSrYugYOCIIU+HDK943RMyAg2Lr4qUD6rPMZIS3TaqaaoV:5SyeYOZc35H23S8PsIkFaLV

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\chinese bukkake masturbation legs (Sonja,Sonja).rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian lingerie action voyeur hole circumcision (Ashley).mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian lingerie hidden .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay public feet traffic (Sylvia,Kathrin).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\british porn horse [milf] hotel .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lesbian masturbation mistress (Anniston).mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fucking kicking [milf] feet ¤ç (Britney,Ashley).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian porn gay public redhair .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\french nude lingerie [free] .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\american animal action [bangbus] hotel (Karin,Melissa).zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum sleeping gorgeoushorny (Christine).rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian nude catfight castration (Janette,Sonja).zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish kicking several models wifey .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse cum hidden .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\horse cum [bangbus] shower .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese hardcore xxx sleeping .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\cum fucking sleeping .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\spanish xxx several models .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian kicking gay voyeur 50+ .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian animal public redhair .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\russian trambling catfight legs .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling several models ash .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian horse public bondage .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african xxx lesbian [free] YEâPSè& .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\french horse big .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish cum full movie redhair .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse several models gorgeoushorny .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\american hardcore several models circumcision .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beastiality cumshot lesbian stockings .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\asian hardcore blowjob masturbation (Kathrin).mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black beast uncut ejaculation .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\animal xxx catfight latex (Karin,Britney).mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\canadian beast action [free] girly .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\norwegian blowjob horse full movie (Sandy,Sylvia).zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\black lesbian cumshot big lady .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\spanish hardcore porn girls vagina .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\gay lesbian ash stockings (Sandy).mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\tyrkish lesbian handjob big nipples .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\bukkake several models ash .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\cumshot [milf] mistress (Sonja,Ashley).mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\spanish action animal catfight boobs 40+ (Karin,Christine).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\cumshot action hidden girly (Sonja,Kathrin).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\american animal lesbian uncut titts Ôï .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\japanese bukkake fucking big .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\black hardcore beastiality hot (!) circumcision (Karin).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\russian beastiality horse licking ash shoes .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\canadian action kicking [bangbus] .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\xxx cum catfight traffic .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\norwegian cumshot gang bang masturbation high heels (Liz).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\american beastiality big titts swallow .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\blowjob gay full movie glans upskirt (Britney).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\handjob gay several models (Sylvia,Gina).mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\gay lesbian bondage .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\fetish trambling masturbation 40+ (Liz,Gina).mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\horse [bangbus] .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\horse [free] .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\lingerie horse big .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\nude blowjob several models ash granny .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\gay lesbian girls titts (Sarah,Samantha).mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\african horse lesbian public granny .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\american bukkake beast hot (!) .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\xxx catfight .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese handjob voyeur (Britney,Samantha).rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian animal hot (!) mistress .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\norwegian fucking lingerie several models YEâPSè& (Christine).mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\danish cumshot uncut latex .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\italian trambling beastiality hot (!) sm .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian handjob lesbian big (Sarah,Jade).zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\spanish handjob licking (Jenna,Tatjana).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\bukkake sleeping sm .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\cum public granny .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\norwegian trambling public traffic .avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\japanese cumshot lesbian hairy (Tatjana,Sarah).zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\canadian sperm several models (Liz,Jade).zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\japanese porn fucking licking cock .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\japanese beast lingerie several models latex .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\action lesbian (Jade,Christine).avi.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\asian lesbian cum masturbation hole (Karin,Janette).zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian lingerie [milf] beautyfull (Britney).mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\african gang bang full movie ash bedroom .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\african gang bang sleeping redhair .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\xxx lingerie several models ash black hairunshaved .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\italian beast hidden legs blondie .rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian trambling fetish hidden .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\gang bang big feet castration .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\cumshot action lesbian traffic .mpg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\swedish nude porn catfight hairy (Britney,Britney).mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\lingerie lingerie [milf] (Curtney).rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american action hidden vagina hairy (Christine,Liz).mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\gang bang licking stockings (Sarah,Kathrin).rar.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\japanese porn bukkake public YEâPSè& (Anniston,Anniston).mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\sperm several models girly .mpeg.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\italian beastiality [milf] circumcision .zip.exe	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4304	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4304	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3120	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3120	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4168	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4168	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4548	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4548	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1628	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1628	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1252	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1252	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3228	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3228	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1148	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1148	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3260	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3260	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3648	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3648	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4304	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
4304	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3120	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3120	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3868	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
3868	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 4992	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	84
PID 2812 wrote to memory of 4992	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	84
PID 2812 wrote to memory of 4992	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	84
PID 4992 wrote to memory of 1056	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	85
PID 4992 wrote to memory of 1056	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	85
PID 4992 wrote to memory of 1056	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	85
PID 2812 wrote to memory of 3104	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	86
PID 2812 wrote to memory of 3104	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	86
PID 2812 wrote to memory of 3104	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	86
PID 4992 wrote to memory of 3456	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	87
PID 4992 wrote to memory of 3456	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	87
PID 4992 wrote to memory of 3456	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	87
PID 2812 wrote to memory of 1212	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	88
PID 2812 wrote to memory of 1212	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	88
PID 2812 wrote to memory of 1212	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	88
PID 1056 wrote to memory of 4304	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	89
PID 1056 wrote to memory of 4304	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	89
PID 1056 wrote to memory of 4304	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	89
PID 3104 wrote to memory of 3120	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	90
PID 3104 wrote to memory of 3120	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	90
PID 3104 wrote to memory of 3120	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	90
PID 4992 wrote to memory of 4168	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	91
PID 4992 wrote to memory of 4168	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	91
PID 4992 wrote to memory of 4168	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	91
PID 2812 wrote to memory of 4548	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	92
PID 2812 wrote to memory of 4548	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	92
PID 2812 wrote to memory of 4548	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	92
PID 1056 wrote to memory of 1628	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	93
PID 1056 wrote to memory of 1628	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	93
PID 1056 wrote to memory of 1628	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	93
PID 3104 wrote to memory of 1252	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	94
PID 3104 wrote to memory of 1252	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	94
PID 3104 wrote to memory of 1252	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	94
PID 3456 wrote to memory of 3228	3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	95
PID 3456 wrote to memory of 3228	3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	95
PID 3456 wrote to memory of 3228	3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	95
PID 1212 wrote to memory of 1148	1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	96
PID 1212 wrote to memory of 1148	1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	96
PID 1212 wrote to memory of 1148	1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	96
PID 4304 wrote to memory of 3260	4304	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	97
PID 4304 wrote to memory of 3260	4304	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	97
PID 4304 wrote to memory of 3260	4304	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	97
PID 3120 wrote to memory of 3648	3120	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	98
PID 3120 wrote to memory of 3648	3120	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	98
PID 3120 wrote to memory of 3648	3120	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	98
PID 4992 wrote to memory of 3868	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	99
PID 4992 wrote to memory of 3868	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	99
PID 4992 wrote to memory of 3868	4992	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	99
PID 2812 wrote to memory of 4048	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	100
PID 2812 wrote to memory of 4048	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	100
PID 2812 wrote to memory of 4048	2812	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	100
PID 1056 wrote to memory of 4640	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	101
PID 1056 wrote to memory of 4640	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	101
PID 1056 wrote to memory of 4640	1056	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	101
PID 3104 wrote to memory of 436	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	102
PID 3104 wrote to memory of 436	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	102
PID 3104 wrote to memory of 436	3104	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	102
PID 4168 wrote to memory of 4280	4168	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	103
PID 4168 wrote to memory of 4280	4168	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	103
PID 4168 wrote to memory of 4280	4168	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	103
PID 1212 wrote to memory of 4572	1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	104
PID 1212 wrote to memory of 4572	1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	104
PID 1212 wrote to memory of 4572	1212	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	104
PID 3456 wrote to memory of 3960	3456	202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe	105

C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4992
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        8⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        8⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15324
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15180
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15092
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:3616
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:14900
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15300
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:7844
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:10828
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:14788
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3104
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        8⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15436
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14832
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15116
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        7⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:412
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11384
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15188
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15052
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15108
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:7880
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:10836
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:14796
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1212
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15260
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:2012
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15220
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15332
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:8224
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:12232
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:15028
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:3216
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15076
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15140
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:8664
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:12076
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:15036
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:14088
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
      4⤵
      PID:15292
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:8240
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:11376
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:15252
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  PID:3884
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:8480
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:12084
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:15060
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  PID:6100
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:12972
- - C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
    3⤵
    PID:14948
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  PID:8396
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  PID:11408
- C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\202f133d6daf299a84bbdd671a076ff0_NeikiAnalytics.exe"
  2⤵
  PID:15148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian kicking gay voyeur 50+ .rar.exe

Filesize
1.7MB

MD5
172c10ae8b1abb217e68b8a7f73ed5f8

SHA1
ef0f4283aa44a7df9fd5aaf4ff700e76c2518910

SHA256
96e71cc7ed695c9bcab5386874219841d052744937f87c517fa94673bec86e0a

SHA512
4de99f8a2bcdb2163d1c4509d77725f3aeedaebd335dee42924052aa7b15a1481122b586d2612267f3a034ea689ef098084df4815763cd07cec2a9dc77ac02b5

Download Submit