f27d2fae6b3839ea442c63354ad68be5714a3dc4974c8367211e54a86fea6a62

Analysis

max time kernel
16s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Size

821KB
MD5

c04f3e8305d716dfe959f5e1481d77a0
SHA1

7805690c0525f44fb663269d9581dd9093e405c9
SHA256

f27d2fae6b3839ea442c63354ad68be5714a3dc4974c8367211e54a86fea6a62
SHA512

de38edafce02aa38f803ce927512d90f7e2437a66541136fb87ec28a520707372cf419db199bd08d8949f6a6375806a9b2d5569d9761a87c1348936a0fb7f20e
SSDEEP

12288:0EQoSCG2bT2gnPc8hAWyNoa6irY/ejMjTyDcEQRTY8off0hHOS9/t0fXj0Meh:0CvcDXNoa6ic/2iTyDART430ES12w

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4864-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x00070000000233f3-5.dat	upx
behavioral2/memory/1636-51-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2492-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4808-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2888-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2604-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3368-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3100-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2844-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2128-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5116-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4864-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2840-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4864-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4808-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2888-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3480-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3992-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4624-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3496-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2508-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3684-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2604-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1512-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3368-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3356-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3620-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2128-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2200-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3256-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1988-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3100-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2844-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4516-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4884-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2596-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5116-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2304-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4704-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2840-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4624-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3992-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2268-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/552-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4884-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2152-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1460-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2676-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4192-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/824-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3020-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3720-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/432-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4512-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/732-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1512-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2508-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3684-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3480-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1988-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3256-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5776-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5920-246-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish hardcore big (Tatjana).rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french bukkake horse [bangbus] blondie .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\nude uncut ash blondie (Ashley).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian animal hardcore voyeur vagina (Karin).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob gang bang girls nipples (Tatjana).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese animal licking cock 40+ .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black kicking gay girls YEâPSè& .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian lesbian public ¼ë .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian cumshot masturbation black hairunshaved (Sylvia,Samantha).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\african xxx [free] hole circumcision .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian gang bang nude uncut nipples shower (Karin,Samantha).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse public ash gorgeoushorny .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\black trambling full movie .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gay [bangbus] hairy (Britney).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beastiality lesbian lesbian (Jenna).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese horse fetish girls (Jenna,Curtney).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian cum hidden (Jenna).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beast full movie legs .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm nude public nipples (Samantha).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish gay catfight femdom .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\chinese beast beast hidden traffic .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\black beastiality porn [free] titts mature .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\fucking beast masturbation (Ashley,Christine).rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast [milf] girly (Karin).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian horse licking ejaculation (Sonja).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\african lesbian horse hidden .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish action xxx hot (!) lady .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\asian gay fetish voyeur penetration .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american lesbian full movie mistress (Kathrin).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian lesbian [milf] (Tatjana,Liz).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\horse hidden cock stockings .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\malaysia blowjob uncut cock .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\indian beastiality cum hidden .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx big .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\french horse licking leather .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\fetish big girly .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\malaysia blowjob lesbian sm .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\black kicking handjob masturbation vagina ash .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\malaysia hardcore several models sweet (Sylvia).rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\italian fetish voyeur hairy .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\gang bang catfight nipples .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\asian kicking girls nipples traffic .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\beastiality girls .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\japanese hardcore lingerie [free] girly (Curtney).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\norwegian beast handjob [bangbus] hole 40+ .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\horse big (Sonja,Ashley).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\cum [milf] fishy (Sylvia,Karin).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\xxx blowjob sleeping .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\american cum full movie hairy .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\beast full movie traffic .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\british nude action public vagina bondage .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\nude voyeur legs (Melissa,Sylvia).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\nude public leather .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\danish fetish beast lesbian penetration (Sylvia,Gina).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\french beastiality handjob full movie .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\hardcore sleeping leather .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian sperm blowjob public 50+ .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\sperm full movie mistress .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\porn [milf] .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\nude full movie .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\bukkake handjob girls ash .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black lingerie public boobs ejaculation .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\handjob big (Britney).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\african blowjob horse public .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\british horse lesbian [milf] vagina boots .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\nude cum full movie legs .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\lingerie catfight fishy .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\handjob lesbian titts swallow .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\japanese beast lesbian 50+ .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\black horse catfight young .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\kicking fetish voyeur gorgeoushorny .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\british gay girls gorgeoushorny .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese gang bang cumshot voyeur feet ash .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\xxx xxx voyeur vagina YEâPSè& .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\action xxx catfight circumcision (Ashley).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black hardcore lesbian licking (Sarah,Liz).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\tyrkish nude porn girls shoes .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\cum cum big cock hotel .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\lingerie hot (!) 40+ .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\norwegian cum hot (!) nipples penetration .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\beast voyeur latex .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\trambling full movie boobs Ôï .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\spanish lesbian sperm full movie nipples .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\sperm lingerie catfight boots .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\american cum xxx [bangbus] black hairunshaved .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\asian beastiality cumshot public lady (Sonja,Christine).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\brasilian hardcore voyeur legs boots .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\fetish kicking several models boobs Ôï (Sandy).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\tyrkish handjob trambling girls nipples sm .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\american hardcore fetish public boobs pregnant (Samantha).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\spanish kicking fetish sleeping fishy (Sonja).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\lesbian gay [bangbus] castration (Curtney,Sylvia).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\handjob action several models redhair .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\malaysia action voyeur .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2604	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2604	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4516	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4516	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3368	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3368	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3100	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3100	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3356	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3356	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3620	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3620	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2128	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2128	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
5116	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
5116	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2840	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2840	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2604	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2604	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4516	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4516	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4624	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
4624	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 1636	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	84
PID 4864 wrote to memory of 1636	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	84
PID 4864 wrote to memory of 1636	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	84
PID 4864 wrote to memory of 2492	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	85
PID 4864 wrote to memory of 2492	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	85
PID 4864 wrote to memory of 2492	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	85
PID 1636 wrote to memory of 3496	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	86
PID 1636 wrote to memory of 3496	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	86
PID 1636 wrote to memory of 3496	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	86
PID 1636 wrote to memory of 4808	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	89
PID 1636 wrote to memory of 4808	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	89
PID 1636 wrote to memory of 4808	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	89
PID 4864 wrote to memory of 2888	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	90
PID 4864 wrote to memory of 2888	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	90
PID 4864 wrote to memory of 2888	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	90
PID 2492 wrote to memory of 2604	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	91
PID 2492 wrote to memory of 2604	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	91
PID 2492 wrote to memory of 2604	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	91
PID 3496 wrote to memory of 4516	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	92
PID 3496 wrote to memory of 4516	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	92
PID 3496 wrote to memory of 4516	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	92
PID 4808 wrote to memory of 3368	4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	93
PID 4808 wrote to memory of 3368	4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	93
PID 4808 wrote to memory of 3368	4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	93
PID 4864 wrote to memory of 2844	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	94
PID 4864 wrote to memory of 2844	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	94
PID 4864 wrote to memory of 2844	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	94
PID 1636 wrote to memory of 3100	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	95
PID 1636 wrote to memory of 3100	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	95
PID 1636 wrote to memory of 3100	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	95
PID 2888 wrote to memory of 3620	2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	96
PID 2888 wrote to memory of 3620	2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	96
PID 2888 wrote to memory of 3620	2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	96
PID 2492 wrote to memory of 3356	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	97
PID 2492 wrote to memory of 3356	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	97
PID 2492 wrote to memory of 3356	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	97
PID 3496 wrote to memory of 2128	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	98
PID 3496 wrote to memory of 2128	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	98
PID 3496 wrote to memory of 2128	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	98
PID 2604 wrote to memory of 5116	2604	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	99
PID 2604 wrote to memory of 5116	2604	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	99
PID 2604 wrote to memory of 5116	2604	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	99
PID 4516 wrote to memory of 2840	4516	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	100
PID 4516 wrote to memory of 2840	4516	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	100
PID 4516 wrote to memory of 2840	4516	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	100
PID 4808 wrote to memory of 4624	4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	104
PID 4808 wrote to memory of 4624	4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	104
PID 4808 wrote to memory of 4624	4808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	104
PID 1636 wrote to memory of 3992	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	105
PID 1636 wrote to memory of 3992	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	105
PID 1636 wrote to memory of 3992	1636	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	105
PID 4864 wrote to memory of 552	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	106
PID 4864 wrote to memory of 552	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	106
PID 4864 wrote to memory of 552	4864	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	106
PID 2888 wrote to memory of 3480	2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	107
PID 2888 wrote to memory of 3480	2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	107
PID 2888 wrote to memory of 3480	2888	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	107
PID 2492 wrote to memory of 3684	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	108
PID 2492 wrote to memory of 3684	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	108
PID 2492 wrote to memory of 3684	2492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	108
PID 3496 wrote to memory of 2508	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	109
PID 3496 wrote to memory of 2508	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	109
PID 3496 wrote to memory of 2508	3496	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	109
PID 2844 wrote to memory of 4884	2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	110

C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6004
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10900
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:11076
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4320
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12296
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:12764
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:12376
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4476
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2556
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6536
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10192
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:10972
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:11320
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:7680
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:7064
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:7512
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:11592
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:7392
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5936
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5500
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:3904
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:8896
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:12716
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2292
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:552
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:8648
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:12724
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:11836
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:1096
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9680
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:12888
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:5320
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:6348
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:1012
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:8924
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:12732
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish action xxx hot (!) lady .mpg.exe

Filesize
1.5MB

MD5
cde8b6ea16318394c98d631782a37873

SHA1
5c475cc48cb9b90be7b328390bff8f327d7e649f

SHA256
e8a36fa203b545e015aecd3a1c1b3c4d868327385eef0ca640ae916840e2fa83

SHA512
2a7f1248ee131800f3afc5d5e6943eadd083e4a56f50f4bb30cfcd467979f9c547dd1d0fc2995528d3046282d6ae89f31c725ce9616134c28b565ca74c227500

Download Submit
memory/432-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/552-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/732-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/732-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/824-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/824-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1096-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1192-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1460-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1460-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1512-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1512-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1636-51-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1988-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1988-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2128-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2128-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2152-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2152-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2212-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2268-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2268-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2304-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2304-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2492-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2508-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2508-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2596-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2676-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2676-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2840-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2840-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2888-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2888-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3020-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3020-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3100-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3100-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3248-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3256-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3256-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3356-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3368-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3368-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3480-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3480-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3496-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3620-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3684-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3684-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3720-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3720-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3992-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3992-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4024-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4192-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4512-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4512-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4516-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4624-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4624-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4692-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4704-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4704-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4808-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4808-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-454-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4884-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4884-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5116-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5116-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5776-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5896-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5920-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5948-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6032-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6072-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6252-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6260-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6268-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6276-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6284-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6292-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6300-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6404-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6420-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6428-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6436-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6452-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download