0639124696e13d0b085dae0904a457ff255099457264210e9084250af252a00c

Analysis

max time kernel
15s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Size

442KB
MD5

8adc26cc3233fdc7683cd33d0bb0a4c0
SHA1

aacfbacb0bd121ebc439e57c85a83ae2ec4a722d
SHA256

0639124696e13d0b085dae0904a457ff255099457264210e9084250af252a00c
SHA512

d294bba9ce069ed1888c10b1ac7a9001eacf375caa4fea7435bbdd0032076e018737a78c8ac80c7f13fdc50a8eab6439a5083be59cb7cade91496940e25159ba
SSDEEP

12288:xEQoS+qhXEtAfnqM+/siLY6b8cbVhh/N8U4XsKF:xnXtosV6AALh/N8n3

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4856-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-5.dat	upx
behavioral2/memory/1712-83-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3828-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2856-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4152-182-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3400-181-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5032-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4820-183-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2600-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2016-186-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4324-185-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4204-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2668-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4400-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1240-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4856-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1712-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1652-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3828-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3556-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4152-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3400-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3968-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2856-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3268-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2264-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5032-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2808-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4420-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4820-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2336-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1276-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3848-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4324-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/940-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4792-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3412-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2308-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4464-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4204-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2600-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2016-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2668-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1240-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5152-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5180-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4400-220-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5300-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3556-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5324-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5332-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5312-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3968-232-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3268-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1652-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5340-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2264-236-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2808-239-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5356-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2336-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1276-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3848-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5348-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\trambling catfight ash 40+ (Sylvia,Gina).avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese animal animal lesbian titts (Melissa).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\malaysia trambling full movie mistress (Gina,Sonja).mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beastiality kicking girls .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay horse licking ¼ë .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake sperm hidden titts 40+ .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\cum cum hidden .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish bukkake sleeping .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\norwegian xxx sperm hidden young (Jade).mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese lingerie big .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian masturbation feet .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish porn hidden ash (Sandy).zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\danish kicking fetish [free] (Sonja,Gina).mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian kicking [free] titts sm .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\german action full movie .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian nude bukkake licking shower .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian blowjob public shower (Jenna).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse big .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\animal hidden gorgeoushorny .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\french beast licking (Kathrin).zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\spanish beast lesbian .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\tyrkish horse several models ash bedroom .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\porn catfight (Ashley).zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\lesbian full movie glans bondage .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\canadian kicking girls ash .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia cum sperm sleeping nipples black hairunshaved .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\british horse big .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse nude [milf] black hairunshaved .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\xxx [bangbus] upskirt .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fucking animal sleeping 40+ .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\italian beast several models .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black beastiality [bangbus] .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\italian cum uncut black hairunshaved (Sarah,Sandy).mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\nude kicking catfight sm .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\black sperm catfight YEâPSè& .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\nude gay voyeur pregnant (Samantha).mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\handjob porn girls leather (Jenna).zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\nude action uncut lady .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\fucking public ash (Anniston).avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\french cum bukkake uncut feet YEâPSè& .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\lingerie [milf] beautyfull .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african action hot (!) ejaculation .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\danish trambling several models femdom .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\asian animal public cock girly .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\beastiality public upskirt .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\indian kicking lingerie licking shoes .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\horse girls ash blondie .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\french lesbian blowjob catfight feet .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\african beast handjob [free] (Liz).zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\action masturbation glans high heels .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\beastiality [milf] hotel (Sandy,Britney).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\beastiality full movie (Britney).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\cumshot girls 40+ (Ashley).mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american lesbian action full movie ash .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\cumshot full movie hairy .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\action licking (Christine,Sylvia).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\danish lingerie bukkake lesbian (Ashley).mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\german cumshot lesbian girls high heels .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\black kicking cum uncut .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\italian lesbian bukkake [bangbus] glans .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\malaysia sperm voyeur young .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\japanese action voyeur stockings .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian gang bang bukkake several models .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\handjob xxx hidden sweet .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\brasilian trambling porn voyeur titts (Britney).mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\chinese kicking hot (!) sweet .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\action [milf] cock beautyfull .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\spanish kicking [bangbus] sweet (Sarah,Tatjana).mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\japanese beastiality [free] (Christine,Ashley).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\beastiality hardcore full movie bondage .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\fucking full movie legs ejaculation .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\black cum nude uncut .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\spanish kicking gay [free] redhair .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\gay [free] upskirt .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\black kicking lesbian cock .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\african horse porn sleeping vagina bondage .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\brasilian blowjob horse uncut (Samantha).mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish animal beastiality full movie feet .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\fucking fucking hidden .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\tyrkish animal [milf] titts stockings (Gina,Jenna).mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\spanish kicking kicking licking upskirt .mpeg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\horse lingerie [milf] boobs .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\russian blowjob lingerie [free] hole traffic .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\xxx licking nipples (Curtney).zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\horse [bangbus] nipples leather (Janette).mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese kicking handjob hidden (Sonja).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\american bukkake beast [bangbus] latex .mpg.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\danish handjob catfight titts mature (Anniston,Jenna).rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\malaysia beastiality sperm sleeping .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\asian beastiality uncut .avi.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\chinese hardcore several models cock .zip.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\asian lingerie full movie vagina girly .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\gay hidden hole .rar.exe	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4820	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4820	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4324	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4324	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2600	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2600	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4204	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4204	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2668	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2668	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1240	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1240	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1652	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
1652	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4820	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
4820	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3556	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
3556	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 1712	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	85
PID 4856 wrote to memory of 1712	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	85
PID 4856 wrote to memory of 1712	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	85
PID 4856 wrote to memory of 3828	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	89
PID 4856 wrote to memory of 3828	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	89
PID 4856 wrote to memory of 3828	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	89
PID 1712 wrote to memory of 2856	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	90
PID 1712 wrote to memory of 2856	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	90
PID 1712 wrote to memory of 2856	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	90
PID 3828 wrote to memory of 3400	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	92
PID 3828 wrote to memory of 3400	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	92
PID 3828 wrote to memory of 3400	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	92
PID 4856 wrote to memory of 4152	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	93
PID 4856 wrote to memory of 4152	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	93
PID 4856 wrote to memory of 4152	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	93
PID 1712 wrote to memory of 4820	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	94
PID 1712 wrote to memory of 4820	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	94
PID 1712 wrote to memory of 4820	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	94
PID 2856 wrote to memory of 5032	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	95
PID 2856 wrote to memory of 5032	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	95
PID 2856 wrote to memory of 5032	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	95
PID 3400 wrote to memory of 4324	3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	97
PID 3400 wrote to memory of 4324	3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	97
PID 3400 wrote to memory of 4324	3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	97
PID 3828 wrote to memory of 2016	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	98
PID 3828 wrote to memory of 2016	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	98
PID 3828 wrote to memory of 2016	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	98
PID 4856 wrote to memory of 2600	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	99
PID 4856 wrote to memory of 2600	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	99
PID 4856 wrote to memory of 2600	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	99
PID 4152 wrote to memory of 4204	4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	100
PID 4152 wrote to memory of 4204	4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	100
PID 4152 wrote to memory of 4204	4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	100
PID 1712 wrote to memory of 4400	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	101
PID 1712 wrote to memory of 4400	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	101
PID 1712 wrote to memory of 4400	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	101
PID 2856 wrote to memory of 2668	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	102
PID 2856 wrote to memory of 2668	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	102
PID 2856 wrote to memory of 2668	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	102
PID 4820 wrote to memory of 1240	4820	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	103
PID 4820 wrote to memory of 1240	4820	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	103
PID 4820 wrote to memory of 1240	4820	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	103
PID 5032 wrote to memory of 1652	5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	104
PID 5032 wrote to memory of 1652	5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	104
PID 5032 wrote to memory of 1652	5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	104
PID 3400 wrote to memory of 3556	3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	107
PID 3400 wrote to memory of 3556	3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	107
PID 3400 wrote to memory of 3556	3400	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	107
PID 3828 wrote to memory of 3268	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	108
PID 3828 wrote to memory of 3268	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	108
PID 3828 wrote to memory of 3268	3828	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	108
PID 4856 wrote to memory of 3968	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	109
PID 4856 wrote to memory of 3968	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	109
PID 4856 wrote to memory of 3968	4856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	109
PID 1712 wrote to memory of 2808	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	110
PID 1712 wrote to memory of 2808	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	110
PID 1712 wrote to memory of 2808	1712	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	110
PID 2856 wrote to memory of 2264	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	111
PID 2856 wrote to memory of 2264	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	111
PID 2856 wrote to memory of 2264	2856	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	111
PID 4152 wrote to memory of 2336	4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	112
PID 4152 wrote to memory of 2336	4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	112
PID 4152 wrote to memory of 2336	4152	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	112
PID 5032 wrote to memory of 1276	5032	8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        9⤵
        
        PID:21460
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:20912
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:20516
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:24372
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:18832
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:18568
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:18848
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:20808
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:23528
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:21376
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:20448
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:20884
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:18824
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:19908
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18704
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:23536
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:21400
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:21416
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18536
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:21368
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:19980
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18488
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20792
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:17128
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:18808
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:19944
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:20508
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:19900
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:19916
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:23512
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20864
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:20004
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:24384
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:20492
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20892
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18792
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20816
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18784
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:17652
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:24172
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18632
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:21012
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:19484
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:19996
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:23520
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18728
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:19988
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18752
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:20440
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:19164
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:23548
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18744
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18656
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:3368
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:14344
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:19924
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3828
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:21392
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:18672
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:18496
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:19972
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:19492
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:19892
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18776
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:21408
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18720
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:20784
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20456
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:21464
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18712
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:19960
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:19884
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18800
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:24364
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:18468
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:21452
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:21360
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18768
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:19476
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:21384
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:21004
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18688
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18648
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:20800
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18640
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:24392
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:14840
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:20500
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18512
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:19952
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18560
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20464
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20660
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18680
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18840
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:23984
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6380
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:14736
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:18816
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:24352
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:18504
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:164
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:20872
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:24344
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14528
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18552
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18576
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:10572
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:16264
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:17932
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:11600
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
      4⤵
      PID:18520
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:7124
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:14632
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:18544
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  PID:5420
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:8532
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:14744
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:17104
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  PID:6752
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:14832
- - C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
    3⤵
    PID:20468
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  PID:9524
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  PID:14872
- C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8adc26cc3233fdc7683cd33d0bb0a4c0_NeikiAnalytics.exe"
  2⤵
  PID:20484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia cum sperm sleeping nipples black hairunshaved .mpeg.exe

Filesize
547KB

MD5
2079e14ba2a30fbfc253d93b136d395e

SHA1
e16ab152c5ae406b9ff6c934ba2e505047cad45a

SHA256
fd856fcc1dacab2e78d76d9324c75074d9e15dce7dfcb62d18b898470cea7420

SHA512
63e85737287ce689a7f1fcd61e3962331a46fa042576b9a4fe45fe5c13cfbe591f98392c3c17987bbd9bdcc77df22200c639f3d8515ab632c40e701d28150829

Download Submit
C:\debug.txt

Filesize
146B

MD5
f894dd0e95e4021e74f8b530bf5fe086

SHA1
d23a4e724f4d5a15dfbec477e932499ccec8d422

SHA256
1c18827ac21acb3fffc279f5368ce3cb6e6ef00afc697cf4a06a4736042a0533

SHA512
e730e58651994fecf12e198cd935c1640b0f166f3aa724dd02349521708b54fd2598530941c51a4eac2672210381dff36f028618bcff7f3a308f280bd0c934bf

Download Submit
memory/940-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/940-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1240-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1240-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1276-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1276-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1652-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1652-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1712-83-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1712-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2016-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2016-186-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2264-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2264-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2308-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2308-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2336-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2336-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2600-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2600-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2668-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2668-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2808-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2808-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2856-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2856-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3268-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3268-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3400-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3400-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3412-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3412-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3556-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3556-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3828-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3828-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3848-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3848-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3968-232-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3968-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4152-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4152-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4204-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4204-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4324-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4324-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4400-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4400-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4420-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4420-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4464-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4464-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4792-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4792-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4820-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4820-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4856-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4856-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5032-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5032-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5152-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5152-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5180-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5180-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5300-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5300-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5312-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5312-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5324-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5324-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5332-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5332-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5340-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5340-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5348-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5356-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5364-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5372-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5380-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5388-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5396-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5404-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5412-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5420-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5428-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5440-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5444-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6100-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6108-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6124-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6132-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6180-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6188-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6328-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6352-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6372-280-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download